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(54) SYSTEM FOR DELIVERING PROGRAM TO STORAGE MODULE OF MOBILE TERMINAL 

g a plurality of storage 



(57) AUsM12hsvit 
buiit into or mounted in a mobile terminal 11 A contents 
server 19, upon receipt of a distribution request from the 
mobile terminal 11. distributes a program or data used 



at the time of program execution or the program itself 
through a network Including a radio network. This pro- 
gram and 1he data or the program itself are stored in. the 
storage area of the UIM 12 and not through the control 
unit of "he mobile terminal 11 
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Description 

TECHNICAL FIELD 

(OOatJ The present invention relates teatechniq„gfcr 
distributing a program (application or applet) to a stor- 
age module built or mounted in a mobile terminal. 

BACKGROUND ART 

[0002] In recent ya> i s., a -nob.;?: lerminal has been de- 
veloped when has -■ ;:.;ograrn executing environment. 
Ars oxamp co'.-! rr i j :o;T";: :ai •;.•!•-:;:. type is one wiiCb 
has s Java virtual machine. The user installs a program 
in tne mobile terminal and thus can add a desired func- 
tion to the mobile terminal. 

[0003) However, even if desirable functions are added 
to a mobile terminal, a user is liable to become tired of 
using tne same rnooiie terminal alter a protracted peri- 
oo. Or- -heothei ttanu the rncbi o? te n industry suf- 
fers fierce competition and various new products, attrac- 
tive to users , have been successively placed on the mar- 
ket. A user may want to change his mobile terminal with 
a now desirable product placed on the market. Once the 
mobiSe terminal is replaced, however, the functions that 
h*ve hitherto been added tc the old mobile terminal can- 
not be used any longer, if the same functions are to be 
use--! avor. afier thno nangool a mobile lerrnmal. the pro- 
grams that have been installed in ihe old mobile terminal 
have tc be installed in the new mobile terminal. This is 
a troublesome job. 

DISCLOSURE OF THE INVENTION 

[0004 f This invention has been achieved in view of the 
situation describsd above, and the object thereof is to 
provide a system In which even after a mo&iie terminal 
is changed, the programs that could be used before the 
change of the mobile terminal, can be continuously used 
after the change. 

{0005] In order to achieve this object, the present in- 
ventors have taken notice of a certain type of a mobile 
terminal, that is to say. a mobile terminal capable of Do- 
ing mounted or having fitted therein a module for storing 
the subscribe Tailor ir-ciuc; the sulsciber 
number and the memory dial information (hereinafter re- 
ferred to as the user ID module or UtM). The use? of this 
type of the mobile terminal, whenever desirous of 
changing it with anew mobile terminal can use me new 
mobile terminal in similar mannet simply by mounting or 
building into the new mobile terminal the UIM which he 
may have. In connection with this the present inventors 
have come up with the following idea Specifically, once 
a program is stored in this UIM. the- program used with 
the old mobile terminal can be easily transferred to the 
new mobile terminal for an improved operating conven- 
ience of the user 

[0006} Nevertheless, the problem of security has 



been an obstacle to realizing such a novel mobile ter- 
minal. 

[0007) First, as long as no limit is set on the operation 
of writing a program in the UIM the inherent functions 
5 of the mobile terminal may be undesirably destroyed in- 
tentionally or negligently 

[OOCS] Also, the subscriber information stored in the 
I tVS ray include the personal information or data hav- 
ing monetary value. From the viewpoint of security. 
10 therefore, careful consideration is necessary net to 
cause the lessee of 'his information m writing a pro- 
gram in the UIM. 

[0009} In order to solve this security problem and im- 
prove the operating convenience for the user, according 

»* to the present invention, there s provided a program dis- 
tribution system composing a mobile terminal having 
means for transmitting a program distribution request, 
a stcage module built m or connected to the mobile ter- 
minal, a conic nis se»ve* for receiving the distribution re- 

zo quest and transmitting a program to be distributed and 
a distribution management server for receiving the pro- 
gram from ihe contents server and, as long as the con- 
tents server is authorized, transmitting the program re- 
ceived from ihe contents server tc the storage moduie 

55 built In or connected tc {he mobile terminal, character- 
teed in that the storage moduie includes a storage unit, 
and a control unit for storing in the storage unit the- pro- 
gram received from the distribulion management server 
through the mobile terminal and executing the program 

30 stored in the storage unit in response to a request, 
[0010J Also, according to the present invention, there 
Is provided a program distribution system comprising a 
mobile terminal having means for transmitting a pro- 
gram distribution request, a storage module bull] In or 

35 connected to the mobile terminal, and a distribution 
management server for receiving the distribution re- 
quest; and in the case where the program to be distrib- 
uted is provided by the authorized contents server ac- 
quiring and transmitting the prog-am to the storage mod- 

40 ule built in or connected to the mobile terminal, charac- 
terized in that the storage modu:e includes a storage 
unit, and a control unit for receiving the information 
ftrougr- ;ru: -none tet-nina storms, tne information in 
the storage unit only in the case where the information 

40 is the program received from the distribution manage- 
ment server arts executing the program siored in the 
storage unit in response to a request 
[SOU) With these systems, only a program supplied 
through the distribution management server from an au- 

si? Ihorlzed contents server is written h the storage module 
and therefore, the user can write a new program in the 
storage module with guaranteed security. 

BRIEF DESCRIPTION OF THE DRAWINGS 

55 

[0012] 

Fig. 1 is a block diagram showing a configuration of 
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a program distribution system according to a first 
embodiment of" we invention. 
Fig. 2 snows tfce externa! appearance of a mobile 
terminal accc'2 ng to e same embodiment. 
Fig. 3 is -a bsDC-; diaQ/am s*owhg a conf.:;urahon of .5 
the same mottle terminal. 
Fig. 4 is a diagram showing a configuration of the 
same mobile terminal and the U!M built in or con- 
nected to it. 

Fig. 5 is a sequence diagram showing the process fo 
from program distribution to activation according to 
the same embodiment. 

Fig 6 is a sequence diagram showing the program 
distribution operation according to the same em- 
bodiment. 1S 
Fig 7 is a diagram showing a display screen of the 
mobile terminal at the time of program distribution. 
Fig 8 is a sequence diagram showing the program 
activation operation according to the same embod- 
iment m 
Fig, 9 is a sequence diagram showing the process- 
es of the program deactivation in compliance with 
a request from t«e contents server according to the 
same embodiment. 

Fig. 10 is a sequsnce diagram showing the process 2$ 
Of the program delete operation in compliance with 
a request from the contents server according to the 
same embodiment. 

Fig 11 is a sequence diagram showing the process 
of the program, deactivate operation and the pro- 30 
gram delete operation in compliance with a request 
f rom the distribution management server according 
to the same embodiment, 
Fig. 12 is a sequence diagram of the DM exchang- 
ing the version information according to the same 35 
embodiment 

Fig 1 3 is a sequence diagram showing the process 
ending in a program distribution failure due to a 
memory shortage. 

Fig 1 4 is a sequence diagram showing the process *e 
ending in a program distribution failure due to a 
memory error. 

Fig 15 is a diagram showing a display screen pro- 
vided to the user at the time of program deletion. 
Fig. 16 :s a diagram showing a display screen pro- «* 
vided to the use? at the time of account settlement 
tor an electronic commercial transaction. 
Fig. 1 7 is a diagram showing a display screen pro- 
vided to the user at the time of commodity purchase 

Fig. 1 3 is a diagram showing a display screen for 
setting the automatic program start. 
Figs. 19 and 20 are diagrams showing a display 
screen at the time of using a commutation pass. 
Fig. 21 is a biooic diagram showing a configuration 55 
cf a program dssmDuiion system according to a sec- 
ond embodiment ol the invention. 
Fig 22 is a diagram showing a configuration of a 



memory in the LJIM according to the same emboti- 

Fig. 23 is a block diagram showing a configuration 
of a distributor; management server 1 6A according 
to the same embodiment. 
Fg. 24 sasec-ence c-agrs- &*ow=f g tie siooess 
for registration in a user Information storage unit. 
Figs. 25 and 26 are sequence diagrams showing 
the operation of registering a program registered m 
the user information storage unit., m any oi the baste 
blocks of the UIM 12, 

Figs. 27 and 23 are sequence diagrams showing 
the operation of registering a progr am registered in 
the user information storage unit, in any of the basic 
pjopks of me ysM. 

Fig. 29 is a sequence diagram showing the opera- 
tion of deleting a program registered in the user in- 
formation storage unit 5 1 , 

Fig. 30 is a sequence diagram showing the opera- 
tion ef deleting a program registered in the basic 
blocks of the Ollvl . 

Fig, Sfjt is a sequence diagram showing the deacti- 
vation process for the user information storage unit. 
Fig. 32 is a sequence diagram showing the deacti- 
vation process forth© basic blocks. 

BEST MODE FOR CARRYING CUT THE INVENT -ON 

[0013] Now. preferred embodiments of the invention 
wili be explained with reference to the drawings, 

fl] Firs! embodiment 

[1,1] General configuration o? program distribution 
system 

[0014] Fig 1 is a biock diagram showing a configura- 
tion of a program distribution system according to a first 
embodiment of the Invention. 

[0015] A program distribution system 10 roughly com- 
prises a mobile terminal 11 : a radio base station 13, a 
switching station 14, a network mobile communication 
service ccrtmi l; - ; t'5 a d-sf ©.;lto-; management serv- 
er 18, a distribution service control unit 1 7, an authenti- 
cation server 1 8 r a contents sewer 1 9 and a public net- 
vyotjc.20. 

[0016] The mobile terminal 11 is an information 
processing unit, for example, having communication 
functions such as a portable telephone or a PHS (Per- 
sonal Handyphone System (registered trade name)) 
further; the mobile terminal n has mounted or built 
therein a UtM (User Identification Module) 12 capable 
of storing various programs or data 
(0017] The radio base station 1 3 communicates with 
the mobile terminal 11 through a radio fink 
[0018] The switching station 1 4 controls the switching 
operation oetween the mobile tannins! 11 and a com- 
mon channel interoffice signal network 20 constituting a 
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wire network, connected to each other through the radio 

base station i.T 

|0019] The network mobile communication service 
control unit IS controls the communication in the case 
where s program is distributed to the mobile terminal 11 
through the public networ k 20. 

[0020] T:-:e confers server " & atst'bues vsricsccn- 
tents on the one hand anc cutos a program as re- 
quested from the mobile terminal 11 on the other. 
[0021] The di&trioulion management server 16 relays 
ana manage* : ~o ::iv' ■ ovr. or or a program l-om '.necc- 
tsnts server 1 9 to !ho UIM 12 The oistribLtion of a pro- 
gram to the UtM 12 and access to a program stored in 
the UiM 12 are carried out always thro-gh me distribu- 
tion management server ~ 6. This ts the nest .significant 
feature of this embodiment. 

[0022] The distribution service control unit 1? oper- 
ates iike an interface between the distribution manage- 
ment serve- 16 and the public network 20 in the case 
where a program is distributed through the public net- 
work 20. 

(0023} The authentication server 18 is a device for is- 
suing a certificate required for program distribution to 
the contents server 19. This certificate includes a UIM 
public key having fh-e function of explaining, for the ben- 
efit of the UIM 12, that the contents server 19 is duly 
authorized to distribute a program to the UIM 12. and a 
distribution management server public key having the 
function of certifying, for the benefit of the distribution 
management server IS, that the contents server 19 is 
similarly authorized. 

$024] The contents se reef IS, the distribution man- 
agement server 16 and the authentication server i-8 ac- 
cording to this embodiment have the foiiow-ng f jnclions 
respectively. 

(3) According to this embodiment, the contents 
server 19 sends a program addressed to the UIM 
12, to the distributor, management server 1 6. which 
in turn distributes the program to the UIM 12. The 
contents server 19 never distributes the program di- 
rectly to the Ulfvt 12. 

(b) The contents server IS distributes a program to 
theUIM"2bve* v - ^ "\ ^ otapubiic- 
key type with (he distribution management server 
15 as sn intermediary. The UiW 12 of each user is 
equ ppud with a PKI (pubic k>y infrastructure) and 
eacn UIM 12 h:-* e U-M private key unique to the 
particular UIM "Z. For distributing a program ad- 
dressed tc a given UIM 12. lhe contents server 19 
acquires a UiM nub ic <ey paired with a UIM private 
key for the particular UiW! 12 whereby the program 
is encrypted 

(c) According to this invention, only an authorized 
contents server 19 can distribute a program ad- 
dressee; to me UIM 12 Trie authorized contents 
server 1 9 is assigned a distribution management 
server public key The contents server 19. upon re- 
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ceipt at a distribution request from the mobile ter- 
minal 11. further encryc-is. by the distribution man- 
agement server public key, the program already en- 
crypted by the UIM public key and addressee tc the 
s UIM 12. and sends if to the distribution manage- 
ment server 1 6 

11 ,2] Configuration of mobile terminal 

io [0025] Fig. 2 shows the external appearance of the 
mobile terminal 11. The mobile terminal 11 includes a 
display section 21 and an operating section 22. 
[0026] As shown in Fig 2. various processing menu 
items, the screen being browsed, the telephone number 

• -• - cn. etc are dispiayoa or It.? c so ay sec! -on 2'. 
[0027] t he operating section 22 has a plurality of op- 
erating buttons for inputting various data and displaying 
menu item screens. One of lhe operating buttons of the 
operating unit 22 is a UiM button 23. The UIM button 23 

so is operated by the user for utilizing a program stored in 
the UIM 12 

[0028] Fig. 3 Is a Wcck diagram showing a configura- 
tion of a mobile terminal,, 

[0023] The mobile terminal 11 includes a display soc- 

25 ttpn2i,an operating section 22, a control unii 31, a stor- 
age unit 32, an external equipment interface (l/F) unit 
33, a communication unit 34, a UiM interface {UFj unit 
35 and an voice input/output unit 36, 
[0030] The control unit 31 controls the various pads 

30 of the mobile terminal 11 based or the control daia and 
the control program stored in the storage unit 32. 
[0031] The storage unit 32 is configured of a ROM. a 
BAM, etc., and has a plurality of storage areas including 
a program storage area for storing various programs 

35 such as a browser for accessing an internet and a data 
storage area for storing various data. 
[0032] The exter nal equipment l/F unit 33 is an inter- 
face utilized by me control unit 31 and the UIM 12 for 
exchanging information with an external device. 

-«> [0033] The communication unit 34 transmits various 
data :nc:indi'-g audio a -;: test f-essages to U-o ac o 
base station 1 3 thr ough the antenna 34A under the con- 
trol of the control unit 31 on the one hand, and receives 
various data sent to the mobile terminal 1 1 through the 

4? antenna 34A on the other hand 

[0034] The UIM iff unit 35 inputs/outputs data from 
and to Ihe corUrol unit 31 . The UIM l/F unit 35 also out- 
puts the output data from the communication unit 34 or 
the external equipment l/F unit 33 to the UIM 12 without 

so the. intermediation of the control unit D1 Aiso. the output 
data of the UIM 12 is output directly to the external 
equipment l/F unit 33 or the communication unit 34 di- 
rectly without the intermediation of the control unit 31 . 
The reason wny the data are input/output from and to 

5S the external equipment l/F 33 or the communication, unit 
34 without the intermediation of the control unit 31 is in 
order to prevent an illegal access to the data on the UIM 
12 by the alteration pf the control program of the control 
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unst 31 and thus xo maintain security. 
(1 .3| Configuration c? UiM 

[0035] Fig. 4 snows a configuration of the UIM 12. in 
Fig. 4. a part o? ins component elements of the mobile 
tc-Tiw.i ■ • a'-- 1-- together with the component el- 
ernem of the UIM 12 to clarify the relation with the mo- 
bile terminal 1 1 . As shown in Fig 4. the IMM 12 includes 
« memory 12M, which in turn, roughly, has a system ar- 
es 12A and an application area 128. 
[0036] The system area 12A has stored therein per- 
sonal information data unique to each user such as sub- 
scriber number date, outgoing call history information 
dfida. incoming cast history information data, speech time 
iniormation data and a UIM private Key. The mobile ter- 
minal- 11 communicates with other communication units 
using the subscriber timber data in the system area 
12A as a- catling line identity. 

[O037J The application area 1 2B is for storing the pro- 
gram distributed and the data used at the lime of exe- 
cution of the program, and divided into a plurality of ba- 
sse blocks. In the case shown in Fig, 4, the application 
area 12B i© divided into she basic blocks 40-1 to 40-6. 
[0038] The basic blocks 40-1 to 40-6 each induce a 
program area 41 ana a data area 42. The program area 

41 of each sasic biock dO-khas stored therein a program 
(an application or an applet). The data area 42 of each 
basic block 40-k. on the ether hand has stored therein 
the data used at the time of executing the program in 
the program area 41 of the same basic block 40-k. 
[0039] The basic Slocks 40-1 to 40-6 are independent 
of each other, and are basically so managed that the 
application or the applet stored in the program area 41 
of a given basic block 40-j cannot access the data area 

42 of another basic block 40-k (* j) By employing this 
configuration, the security of each program is main- 
tained. Even in the case where data having a monetary 
value (what is called K a value") are recorded in the data 
area 42 of a given basic block 40-j : therefore, the par- 
t(cu:ardataisi:sv-2i 'ewiuen imem.ona yorrcicwr.la.- 
iy ; by a program stored in another basic block 40-k (> j). 
[CQ40] The application orthe applet constituting a pro- 
cram stored in the program area 41. on the other hand, 
cannot be distributed or deleted without the intermediary 
of the distribution management server 1 6. The data area 
42. however, can be operated directly through the dis- 
tribution management server 16 or a local terminal as 
in the case where she electronic money is downloaded 
from an ATM 

[00411 Further ins application area 12 has a storage 
area for an activation flag Indicating whether the pro- 
gram in the program area 41 of each of the basic blocks 
40-1 to 40-6 can be executed or not. 
[0042J The control unit 30 is a means for writing a pro- 
gram for the basic owe* of me application area 128, set- 
ting or resetting the activation fiag corresponding to 
each basic block or executing a program in a designated 



basic block, in response to a request given through the 
mobile terminal 11 . Upon arrival of a program encrypted 
by the UIM public key from the distribution management 
Server 1$. the control unit 30 decrypts the program using 
5 the UIM private key in the system ares 1 2 ana writes it 
in a basic block, Aiso, the control unit 30 can execute 
the program in the basic block. In the process, the infor - 
mation required by the program m execution is acquired 
from the other party of the comm u nicatio n in the- n etwork 
to or from the user of the mobile terminal 1 1 through the 
browser executed by the mobile terminal 11 .The control 
unit 30 can aiso send the result of program execution to 
the other party ot communication in the network or send 
is to the user of the mobile terminal 1 1 th rough the brows- 
is er. Also, the control unit 30 can exchange information 
with external devices through the hardware resources 
of the mobile terminal 11 without the intermediary of The 
browser in accordance with the program in the basic 
Woe*. An example of a program available for this pur- 
se pose is an application program for causing the mobile 
terminal 11 to function as a commutation pass. In exe- 
cuting this program, the control unit 3D can exchange 
the pass information with the card reader/writer at the 
gales of a railway station utilizing a short-range radio 
?£ unit (not shown) connected to the external equipment I/ 
F of the mobile terminal 30. The program forth e control 
unit 30 to perform the various processes described 
above, including the execution and control of the pro- 
gram in the application area is stored in the system area 
30 12A. 

[i .4) Operation of first embodiment 

[0043] New, the operation of the first embodiment wilt 
35 pe explained taking the distribution of the commutation 
pass applet as an example, 

[0044] Fig. 5 is a sequence diagram showing the p? qc- 
ess of program distribution, write operation and activa- 
tion, 

v-.i [0045) As shown, m -ig 6. those so es e* processes 
are roughly consigned of the step of distributing an in- 
active program (applet) as a memory module to the UIM 
12 and writing it in the uiM 12 (step S1) : and an activa- 
tion step for activating the program written (step S2). 

45 

[i .4 it Issue of certificate to distribution management 
server 

[0046] Fig. 6 isa'seqaencediagram showing the ps-oc- 
so ess cf distributing a program and writing it m !he UtM 
12 As shown in Fig 6 : the autheniication server 13 is- 
sues a certificate to the contents server 19 permitted to 
distribute the program addressed to the UIM 12 istep 
S11). The certificate is issued to enable the contents 
55 server 1 9 and the distribution management server 1 3 lo 
nerform the encryption communication based on the 
public key encrypt-o* method. Specifically, in order to 
make possible the encryption communication using a 
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public key a attribution management server private key 
and a distribution management server public key. con- 
stituting a pair, are generated. The distribution manage- 
ment server private key Is stored in the distribution man- 
agement server 16, Wiethe a strbut'on maiagemer-t 
server public key is transmitted hem the autheni realtor 
server 1 B to the contents server 13 as a certificate iden- 
tifying a person pen- tied to distribute a program. Trie 
contents server 19. upon receipt of the distribution man- 
agement server public key, stores it in preparation for 
program distribution; 

|1.4.2] Program distribution request 

[0047] The user can cause the centre; urtt 31 to exe- 
cute the browser and thus can access tne 'K.-rnrf cage 
of the contents provide: by oceraim:; me operatmp, sec- 
tion 22 of the mooile terminal 11 . As a result of this ac- 
cess, a distribution menu screen D1 r-jtcdting the pro- 
gram distribution, performed by the contents server 13 
of the contents provider is displayed, as shown in Pig. 
?, or, the display section 21 of the mobile terminal 11, 
Under this condition, the user transmits a program (ap- 
plet) distribution request from the mobile terminal 11 
through the network to she contents server 19 by oper- 
ating the operating section 22 of the mobile terminal 1 1 
(step SI 2). 

[1 4.3) Certificate issue request to UIM 

[0048J The contents server 19, upon receipt of a di^ 
tnbution request from the mobile terminal It, sends a 
cert ideate issue leqyest to the authenticaticn se-ver 18 
(step S12). This certificate issue request contains the 
inlon-oation tot specify mq the U'M 12 of the mobile ter- 
minal 11. The certificate issue is requested in order to 
enable the contents server 1 9 to conduct the encryption 
communication of public key type with the UIM 12 More 
specifically, in order to make possible the encryption 
communication of public Key type, the U!M private key 
and the U'M puc< : c Key paired with the forme' are gen- 
erated in advance, and the UIM private key is stored in 
the U!M 12 in advance, whiie the UIM public key is 
stored in the authentication serve' 1 8 in advance. In step 
Si2, the UtM public key stored in me authentication 
server 1 8 is requested as a certificate of a person per- 
muted to cismbute & program addressed io the UIM 1 2 

[1 4.4] issue of certificate and distribution of program 
with certificate to UiM 

[0049] The authentication server 18. upon receipt of 
a certificate issue request from the contents server 1:9, 
issues to the contents server 19a UIM public key as a 
certificate eorresoor-.emc; to the L V 12 specifies by me 
particular issue request (step S14). 
[0050] The contacts server 1 9 encn/prs fhe program 
of which distribution is requested, by use of the UIM pub- 



lic key corresponding to Ihe UIM 12. The program ob- 
tained by the encryption is considered a program with a 
certificate for a legitimate person authorized to access 
theUSM 12 

& [9051] Then, the proc/am e-cryp:ed by theUlM pub!*: 
-key is further a-cysted oy the co'ueits server 19 using 
:no Qtst- .cut on management server public key received 
from the authentication server 1 8 in advance. The pro- 
gram obtained by this encryption can be considered a 

to program having attached thereto both a certificate 
showing a legitimate person authorized to access the 
UIM 12 and a certificate showing a legitimate person au- 
thorized to distribute a program through the distribution 
management server 16. 

ts 

p .4.5] Program distribution 

[00521 The contents server 1 9 distributes the program 
obtained :>y mc HS-tKornentioned two encryption sss- 
■■0 sons. to me distribution .-anagec^-nt server f 6 through 
the network (stop S15). 

[00S3{ The distribution management server 16 de- 
crypts the encrypted program distributed from the con- 
tents server 19, using the distribution management 

25 server private key. Once this decryption succeeds, the 
program encrypted only by the UIM public key can be 
obtained, in this case, the contents server IS can se 
considered a legitimate person authorized to distribute 
a program addressed to the UiM 12. The distribution 

so management server 18 transmits the data on the screen 
02 shown m Fig. 7 to the mobile terminal 11 , and causes 
the data to be displayed on the display section 21 . This 
screen D2 is for making an inquiry at the user as; to 
whether the program can be distributee or not, 

35 

(1 .4.6} Writing In UIM 

[0054] After |fie user confirms fhe screen 02 and per • 
forms the operation through the operatingsection 22 for 

•»e permitting the program distribution, a notice to permit 
distribution is sent to the distribution management serv- 
er 16. The distribution management server 16, upon re- 
ceipt o! the notice, distributes to the UiM 1 2 the program 
obtained by decryption, i.e. the program encrypted by 

*s the um public key (step Si 6). 

[0055J This encrypted program is delivered as it is to 
the control unit 30 of the UIM 12 through the mobile ter- 
minal 11 Specifically, the mobile terminal 1 1 simply pro- 
vides the UIM 1 2 with the communication function. This 

s» operation by the mobile terminal 11 guarantees the se- 
cure transmission to and the secure write operation into 
the UiM 12, 

[0056] if the distribution management server IS is to 
send a program to the UIM 12 in the aforementicried 
55 jnanner, it is necessary forthe distribution management 
server 16 to establish a link with the UIM 12. This in turn 
requires the acquisition of the telephone number of the 
mobile terminal 11 with the UIM 12 connected thereto 
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or ouilt therein. 

[00S7] in one conceivable method to achieve this, at 
the- lime of issuing a distribution request from the mobile 
terminal 11 to the contents server 1S. the telephone 
number of the mcsns terminal 11 is caused to be trans- 
mitted to the contents server 1 9 which seres this tele- 
phone number to tra cisl-'teut^o". marageme'-t sever 
18. In this way, the distribution management s&tver 16 
can access the mcbl-e terminal 11 using the telephone 
number sent to it, and thus can distribute the program 
addressed to the UiM 12 

[0058] Another available method is described below. 
Specifically, in advance of issuing a distribution request 
irom the mobile terminal 11 lo the contents sewer 19, 
an identifier is determined between the mobile terminal 
1i and the distribution management server 18 in place 
of the telephone number of the mobile terminal 11, sc 
that the distribution management server 16 stores the 
telephone number and the identifier as information cor- 
responding to each other. The -mobile terminal 11 sends 
a distribution request containing tne identifier to thecon- 
tcnta server 19, which In turn attaches the identifier to a 
program when sending the program lo the distribution 
management server 16 The distribution management 
server 18 determines the telephone number of the mo- 
bile terminal 11 from the identifier, and basse on this tel- 
ephone number, calls tne mobile terminal 1 1 and distrib- 
utes the program addressed to the UIM 12 This melhod 
has the advantage that the need is eliminated of notify - 
ing the telephone number ol the mobile terminal 11 to 
the contents server 19. 

[0059] The control unit 30 of the UIM 1 2. upon receipt 
of a program encrypted by the UIM public key inlne 
mannerdescribsd above, decrypts the program using a 
UIM private key paired with the particular UIM public 
key. Once this decryption ends in success, a program 
is obtained in the form of an ordinary text not encrypted. 
In this case, the contents server 19 making up the origin 
is considered a parson duty authorized to distribute a 
program lo the UiM 12. The UIM 12 writes the program 
obtained by decryption, in the appropriate one of the ba- 
sic blocks 40-1 to 40-6 of the memory. 
[0060] During this write operation, the screen 03 
shown in Fig. 7 is displayed by the mobile terminal 11 , 

[1 4 7) Write completion response 

[0061] At the end ot the program write operation, the 
control unit 30 of the UIM 12 transmits a write completion 
notice to the distribution management server 1 6 togeth- 
er with the information specifying the basic block having 
the particular program written therein (step SI?). 
[0062] In the process, tne seas'- 04 indicating ina; 
the write operation -s csmoiete (tne registration is over) 
is displayed, as shown in Fig. 7. on the display section 
?1 of the mob:le terminal 11 After that the screen is 
again turned to Di by the user operation 



[1,4.8] Distribution completion notice 

(0063] "'he d strlbuticn management server, upon re- 
eeipl o! a program write completion notice from the UIM 

3 12, registers the Information specifying the written pro- 
gram in a data base as information corresponding to the 
information indicating the basic block of the UIM 12 rn 
which the particular program is written 
[0064] 3y accessing to the data base, the distribution 

to management server 18 can easily grasp the program 
stored in each of all the basic blocks 40-1 to 40-6 of the 
UIM 12. 

[G06S] The distribution management server 16, upon 
distribution of a program into the UIM 12. starts the 

*s charge process against thecodonts provider c-t the con- 
tents server 19 from which the program is distributed. 
The timing of starting the charge process is not limited 
tows b»! -"ay l-;; coincident wit n I no hrmr c of activation 
described later. 

so [0066] The contents provider areclwged against the 
following items. 
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blocks in UIM 12 



fs [0067] Upon distribution of a program from the con- 
tents server 19 to the UiM 1 2, the padicularprcgrem Is 
stored in one of the basic blocks 40-1 to 40-6 in the UIM 
12. The particular basic block can be considered to be 
rented to the contents provider owning the contents 

30 server 1 9 for storing the program. Thus, a charge cor- 
responding to tne rental period, i.e. the period during 
which the program is stored in the basic clock is made 
against the contents provider as a rental charge. 



35 (by 

[0068] Trie program transmitted from the contents 
saarer 19 is distributed to the UIM 12 through the proc- 
ess in the distribution management sewer 16. A consid-- 
40 eration for the process performed by the distribution 
management server 1 6 is charged against the contents 
provider as a tr ansaction fee 

[0069] The user of the UiM 12 receives the service in 
terms of the distribution ot a program from the convents 

45 server 19. and therefore is required to pay the charge 
in consideration of the service Tne distribution manage- 
ment server W may collect the service charge from the 
user on behalf of the contents provider together with the 
communication charge for the user, and delivers ths eol- 

5£> iected service charge to I he contents provider in the 
character of what might be called 8 "factor", in this case, 
the charge made against the contents provider may con- 
tain the factoring fee. 

[0O70] Upon complete program distribution, the tilstri- 
55 button management server 16 notifies the contents 
server 19 (step Si 8) 
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[1 4,9] Activation 

[06711 The program distributed 10 ihe JIM 12 and 
stored in tne basic biock can no: fee executed t:y -he user 
before activation. 

[0072] The user only receives the distribution but is 
not permitted :o execute mo ro^dm dismbuted to him 
in order to enable the contents provider to control the 
program execution start time. 
[0073] The activation is effectively utilized, for exam- 
ple, in the case where mo time to start the use of a newly 
marketed game program is determined. By use cA the 
activation. Ihe release: ctate program distribution date) 
and the date to start to use (activation date) can be set 
separately from each cmor thereoy making it possible 
to recuce the load on the contents server 19. 
[0074| Another example is a case in which the pro- 
gram for using the mobile tormina! 11 as a commutation 
pass is distributed io the UIM 12. In this case, the acti- 
vation is utilized io make the program executable from 
the first -date of the term of validity of the commutation 
pass. 

[GD75] the operation for activation will be explained 
below with reference to Fig. 8. 

{1 .4.5.1] Activation request to distribution management 
server 

[0076] Whenever the activation becomes necessary 
for a given program, the contents server 19 sends an 
activation request to the distribution management serv- 
er 16 (step S21). This activation request contains the 
information specifying a program io be activated. Also, 
in the case where only the program stored in the UiM 
12 of a specific user is activated, the activation request 
contains the identifier (the telephone number of the mo- 
bite terminal 1 1 or an alternative identifier) ot the partic- 
ular user 

[1 4.9.2| Activation request to UiM 

[0077) The distribution management soivo' U> upon 
receiat of an activation request, issues an activation re- 
quest to the UiM 1 2. of the mobile (emunal ■ 1 (step S22). 
As already described, the information specifying the 
written program is registered In the data base of the dis- 
tribution management server 16 as information corre- 
sponding to the information indicating the basic, block of 
the UIM 12 in which the program is wntten. The distri- 
bution management server 16. upon receipt of the acti- 
vation request refers to the particular data base and de- 
termines the UiM 1 2 to which the program to be activat- 
ed is distributed and the basic block in which the pro- 
gram is written. i« the case where the same program 
stored In a plurality of UlMs 12 is activated: as many 
activation processes as the UIMs 1? are performed 
Far.' mobile terminal 1 1 in which the corresponding U IM 
12 is mounted or auilt is accessed, and ar activation 



request is sen! to ihe UIM 12. The activation request 
sentto each mobile terminal 11 contains the information 
specifying the basic block having stored therein the pro- 
gram to be activated. 

s [0076) This activation request, when received by the 
mobile terminal 11, is directly sent to Ihe UIM 12. The 
control unit 30 of the UiM 1 2 executes the activation In 
accorcancewimtne ao.va: on ieq„ost Ssoohcatly. the 
UiM 12 sets the activation flag from '0" to "1" tor the 

re basic block specified by Ihe activation request The con - 
trol j "it 3C o' me UM ' 2 responds tc a ioqjos' if any 
to execute- mo crop- am sto-od a "a: ca^io bock -.vr.ii 
the activation flag turned "i". A request, if any, to exe- 
cute the program in the basic biocK with the activation 

H flag "0*. however, is rejected. 

[i .4.9.3] Activation end response 

[0079J The Ultvl 12. upon compiete program acliva- 
so tion. transmits *.>•■ activation end notice to Ihe distribution 
management server 1.6 (stepS23> This notice contains 
the information specifying the program of which the ac- 
tivation is ended : or more specifically: the information 
specifying tho basic biock storing the particular pre- 
ss gram. 

(1.4.9.4) Activation completion notice 

[0080] The distribution management server 1 6, upon 

30 receipt of the activation completion not ice from the U IM 
12, determines the basic block of Ihe UM 12 in which 
the completely activated program is stored. The infor- 
mation to the effect that the activation Is completed Is 
registered >n the storage area in the data base prepared 

3$ for the particular basic block. 

[0081] As the result of this registration, the distribution 
management server 16 can grasp, by accessing the da- 
ta base, whether each program in the basic blocks 40-1 
tc 40-6 is activated or not lor at! the IJIMs 12. 

■>o [0882) Upon registration of activation completion for 
all the UIMs to which the program of which the activation 
is requested are distributed, the distribution manage- 
ment server 16 notifies the contents server 1 9 that the 
program activat-oa * compio-'.e ;?tcp ?:■'■') 'his notice 

*s contains the Information specifying tho prcaan aha: <,a$ 
been activated. 

(1.4.10) Deactivation 

*e [0083] The program distributed to the UIM 12 and ac- 
tivated may require deactivation. This requirement oc- 
curs, for example, in a case whore a program for the 
mobile terminal 1 1 to function as a credit card is stored 
in the. UIM 12. and the user has lost the particular UiM 

55 12, In such a case, the deactivation is started m re- 
sponse to the reouest from the user infor med of the loss. 
Othe' exampies include a case m which me „se - thai 
has received a service has failed to pay the service 
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charge be-'om the aue date, in such a case, at the re- 
quest of -he contents provider providing such a service, 
•he deactivation cf the program for receiving the partic- 
uiar serves cars be started 

[0084] The deactivation process wiii be explained be- 
icw with reference to Fig. 9 

[1 4.10.1] Deactivation request to distribution 
management server 

[00S5J The contents server 1 9 : whenever required to 
deactivate a program distributed to a U!M 12. sends a 
deactivation request lo the distribution management 
server 1 6 specifying the particular UiM 1 2 and the pro- 
:T"-~i to be deactivated (step S3i » 

[1 .4.10.2] Deactivation request to U!M 

[0086] The dislribulian management server 16, upon 
receipt of this deactivation request, accesses the data . 
Case and determines that basic bloc* in the U!M 12 
specified ay the deactivation request which stores the 
program to be deactivated. Then, the distribution man- 
agement server i g sends a deactivation request to the 
mobiie terminal tl in which the particular Uitvi 12 is 
mounted or bum (step S32). This deactivation request 
■-■ont^ins the information specifying the basic Week stor- 
ing the program to be deactivated. 
l (mr i ] ■■i'x:\^.-~uoti request is sent to the (JrM 1? 
through the mobile termineJ 11 . The activation fiag ore- 
pared for the basic block specified by the deactivation 
request is reset from «1 " to a 0" by the U !M 12. After that 
the execution of the program in this particular basic 
block is prohibited. 

ft .4.10.3] Deactivation and response 

[0088] The UiM 12, upon termination of the program 
deactivation, notifies the distribution management serv- 
er 16 (step S33). This notice contains the intotrrs alios? 
specifying the program which has been deactivated, or 
specifically, the information specifying the basic block 
storing the program, 

[i 4.10.4] Deactivation completion notice 

[0089] The distribution management server is, yp on 
receipt cf a program deactivation end notice from the 
UiW 12. determines, based on the notice, the basic 
block of the UliVI 12 storing the program of which the 
deac .vatlon has oee* completed The information to the 
effect that the deactivation is complete is registered in 
the storage area of the data base prepared ior the par- 
ticular basic block, 

[0090] Upon registration of completion of the deacti- 
vation, the distribution management server 16 notifies 
the contents server IS of ihe completion of the deacti- 
vate titer S34) 



[14.11 ] Deieiion (only when desired by user) 

[0091] A deactivated program wastefuily occupies a 
memory area in the UiM 12. it is desirable for both the 
user and the contents provider lo delete such an unnec- 
essary program. The deletion of the program, however, 
cannot be left to the user, jf the user arbitrarily deletes 
the program in the UiM 12, the rent charging process 
•or the UliVS would continue to proceed in spite cf tne 
program deletion unless the fact of deletion is notified 
to the d'Str-out-cn managon-en; server "6 imme-a 
[0092] According to this embodiment, therefore, 
whenever the user desifes to delete a program, the pro- 
gram is deleted unctorthecortro! cf the distribution man- 
's agoment server 16. 

[0093] A deieiion. based on a reason on yie side of 
the contents provider, is basically not permrtled due to 
the result r.g complication o! the charging process. 
[0094] The operation of deleting a program in rs- 
20 spouse to the desire of the use: wilibe explained below 
With reference to Figs,. 10 and IS. 

[1,4.11.1] Program deletion request 

[0095] The user accesses a predetermined home 
page of the contents provider by operating the operating 
section 22 of the mobile terminal 1 1 A distribution n or 
screen D11 shown in Fig 15 is displayed on the display 
screen of the display section 21 of the mobile terminal 
Sit n . This distribution menu screen D1 1 is provided by the 
contents server 19 of the contents provider distributing 
the program. When the user selects a menu item mean- 
ing the deletion of a program., a screen 01 2 asking ike 
user whetherthe deieiion can be carried out is displayed 
si? on the display section 21 of the mobile terminal 1 T as 
shown in Fig. 15. 

[0096] The user performs the operation permitting the 
deletion The mobile tenr.inal 11 transmits a program 
(appiet) deletion request tc the contents server 19 
*o through the network (step S41) This request contains 
the information specifying the program to be deleted. 
[0057] With the transmission o! a program deletion re- 
quest, a screen 013 indicating that the deletion is going 
on, is displayed as shown in Fig. 16 on the display sec- 
*f tion 21 of the mobile terminal 1 1 . 

|i 41 1.2] Deactivation request to distribution 
management server 

so [0096] The contents server 1 S, upon receipt of a pro- 
gram deletion request, sends a deactivation request to 
the distribution management server i s (stop S42). This 
deactivation request contains tne information specifying 
(he mobile terminal 11 of the user requesting the pro- 
&5 gram deletion and the information specifying the pro- 
gram to be deleted 
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[0099] T-va •;: s'.-fc don management se-ve- = o 
receipt oi * deactivation request, accesses the data- 
base and determines a basic b'oek storing :ne p-cpram 
tc be deleted. Then, ^distribution management server 
i e sends a deactivation request containing tns irforma- 
h0 ;K ' < e> teuiar basic block to the mobile 
terminal 11 of the use? requesting the program deletion 
(step S43). 

[01001 This deactivation request ssem otno JIM12 
though me mobile terminal 11. The UIM I2resets, from 
"V to "C the activation flag prepared for the basic block 
specified by tne deactivation request. After that the ex- 
ecution of the program m tne particular basic block is 
prohibited 

[1 4.11 A\ Deactivation end response 

[0101] The UIM 1 2. at the end or the program deacti - 
vation, transmits a deactivation end notice to the distri - 
bution management server IS (step S44). This notice 
contains the information specifying the basic block stor- 
ing the program deactivated 

[1 .4.11 .S'j Deactivation end notice 

[0102] The distribution management server 1 6 ; upon 
receipt of the program deactivation end notice from tne 
UiM 12, registers the information to the effect that the 
deactivation is complete, in the area of the data base 
correspondingto the basic block of the UIM 12 specified 
by the deactivation end notice. 
[0103] The distribution management server i 6 sends 
a program deactivation end notice to the contents server 
19 (step S4S) 

St 4.1 1 .6] Deletion request to distribution management 



[01 04] The contents server 1 ?> . upon receipt of the de- 
activation end notice for the program to be deleted, from 
tne distribution management server 16, requests the 
distribution management server is to delete the partic- 
ular program (step SSI). 

f t 4.11 .7] Deletion request to UIM 



[0105} The cistrbuhon management server 16, upon 
receipt of tne program deletion request, sends a pro- so 
gram deletion request to the UIM 1£ of the user who 
requests the program deletion (stepS52). This program 
deletion request contains the information specifying the 
basic block storing the program to be deleted. 
[0106] The program deletion request is sent -to the ss 
UiM 12 through the mobile terminal 11 The UIM 12 de- 
letes the program in she basic block specified by the pro- 
gram deletion reddest 



[1 4.11 .8] Deletion end response 

[01071 The UIM 12. atthe end of the program deletion, 
transmits a deletion end notice indicating the program 
s deletion to the distribution management server 1 6 (Step 
353} - This deletion end notice contains the information 
soeotyng tne baste clock irom which the program is de- 
leted and the program deleted At the same time, a 
screen 014 indicating the end of deletion is displayed 
w as shown in Fig 15. on the display section 21 of the 
mobile terminal 11. 

[1.4.11,91 Deletion completion notice 

is [0108J The distribution management server 16. upon 
receipt of tne deletion end notice from the UiM 12, reg- 
isters the information to the effect that the program has 
oesr! oeieted in the storage area in the data base cor- 
responding to the combination of the user requesting the 
2c deletion and the program deleted. 

[0109] Then, the distribution management server 16 
sends to the contents server the notice that the program 
deletion is complete (step S54) 
[01 10] !n the case where the charge process against 
25 the contents provider has seen made for the program 
deleted, the distribution management server ceases to 
charge the contents provider thereafter. 

[1 ,4 1 2]. Deletion (only when desired by distributor 
30 management server) 

[01 1 1 ] According to this embodiment, a program may 
be deleted by other than the intention of the user. An 
example is the expiry of a predetermined term during 
which a orogram car be used. 
[01 12] eperation for deleting a program under the 
guidance of the distribution management server in such 
a case will be described below with reference to Fig 1 1 

40 [1 .4.12.1 ) Deactivation request to UIM 

[0113] If the usable term of a program has expired and 
the program is required to be deleted, the distribution 
management server ; 6. by accessing the data base, de- 
termines ail the UlsVts 12 to which the program to be de- 
leted has been distributed and the basic clocks storing 
the program to be deieled in each of the UIMs 12, and 
sends a deactivation request to each of the UIMs 12 
(step S61). Each deactivation request contains the in- 
formation specifying the basic block storing the program 
to bo deleted. 

sent to each UiM 
11. The UIM 12 resets, 



{H1 14) The deactivation request 
12 through the mobiie terminal 1 i . 
from "1" to "0\ the activation flag corresponding to the 
basic block specified by the deactivation request. After 
that the execution of me program in the particular basse 
block is prohibited 
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[1.4,12 2j Deactivation end response (step S73). 

[8124) At the same time, the distribution management 
F>,,5] Al me eno o < on ft ; UIM i2 sew ceases the charging process which may have 

{rsnsm!ts a deactivation end notice to the distribution hitherto been made «gainst the contents provider to r the 
management serve- 1 6 (step S62). s deleted program. 



[1 4 12.3] Deactivation completion notice 

[3116] r; s: i:.\:':on r"..-!v^g;;-niDi : <e:ve ? IS upon 

receipt of the J-.-: ' vj-U^-r en.; "Mi.,.:- fro-: mo party to 
which tne program to be deleted has been distributed, 
reqisters the information indicating the completion ot the 
deactivation in the storage area of the data base formed 
for the particular program. 

[01171 The distribution management server 16 senas 
a program deactivation oompietion notice to the con- 
tents, server 19 (step S63). 

[i 4 12 4] Notification of deactivation completion notice 
receipt to distribution management server 

[01 1 8] The contents server 1 6, upon receipt o? the de- 
activation completion notice from tne distribution man- 
agement server 16 ; sends a deactivation receipt notice 
So the distribution management server 16 (step S64). 

(1 4 "2 SI Deletion request to UiM 

[6119] The ststribution management server 16. upon 
receipt of the deactivation receipt notice, sends a pro- 
gram deletion request to the mobile terminal 1 1 that has 
transmitted the deactivation completion notice corre- 
sponding to the deactivation receipt notice (step S71). 
The deletion request sent to the mobile terminal 11 con- 
tains the information specifying the basic block storing 
the program to be deleted. 

[0120] The UiM 12, upon receipt of the deletion re- 
quest through the mobile terminal 11. deletes the pro- 
gram m the basse block specified by the request 

[1 4.12.6] Deletion end response 

[01 21 ] The UiM 1 2. at the end of the program deletion, 
transmits a deletion end notice to the distribution man- 
agement server 16 -step S72). This notice contains the 
information specifying the basic block trom which the 
program has been deleted. 

ji 4.12.7] Deletion completion notice 

[01 22] The distribution management server 16 : upon 
receipt of the deletion end notice from an the parties tc 
which the program to bo deleted has been distributed, 
registers the information to the effect that tne program 
has been deleted, in the storage area of the data base 
formed for the particular program to be deleted. 
(0123] The distribution management server 1 8 sends 
a deletion completion notice to the contents server 19 



[1.4,13.8] Deletion result receipt notice So distribution 
management Server 

■«» [0125] The contents server IS. upon receipt of the cie- 
io: c ' c;r-p t 5iio- nclco to-: H e disf bji'iy manage 
•merit server 16. sends a deletion result receipt notice to 
the distribution management server 16 (step 874) 

*s [1 .4.13) Program distribution process for UIM version 
management 

[0126] The contents server 19 may be required to dis- 
tribute a program v<..luna--:y regardless of the desire on 

& the part ot the user An upgrade of the program that has 
been distributed is a case in point 
[0127] In such a case, the distribution of the program 
of a new version to the UIMs 12 of alt the users to which 
the particular program has been distributed gives rise to 

•as an inconvenience. This is by reason of the fact that the 
mobile terminals 11 are of various models, and tb© UtM: 
specifications have various versions, it may 'happen, 
therefore, that a program of a new version, if sent to all 
the UttVfs. can be executed normally only by the U SMs 

30 having a version issued at a certain time p dint or there - 
after. 

[0128) According to this embodiment, at each time of 
an upgrade ot a program, a version notice request is 
sent to the Uifvts and based on the response to the re- 

•35 quest, it is determined whether the program is to be dis- 
tributed or not to a given UiM. This operation is shewn 
in Fig. 12. Some of theUIMs 12 support the function of 
notifying the version (hereof in response to the version 
notice request, and others do not. Fig. 1 2 shows the ap- 

*o eration performed in ths case where a version notice 
request has been sent to a UIM supporting such a func- 
tion and the operation performed in the case where a 
version notice request has been sent to a UIM not sup- 
porting the function 

45 

[i .4.13,1 j Operation for UIM supporting version notice 
function 

[1.4.13. 1.1] Program distribution request to distribution 
$0 management server 

[0120] Prior to distribution of a program after upgrade, 
the contents server 1 S sends to the distribution manage- 
merit server 16 a program distribution request contain- 
55 mg the information specifying the program and the ver- 
sion intomiator indies: ng the version of the DIM 12 that 
can execute the particular program (siep S81 ) 
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51.4.13 1 .21 Version notice request to UiM 

[S130] The distributor, -r-aragencm serve-' IB. upon 
receipt of the pfoc-ar; distreu-ion -eauest accesses re 
data base, determines ai! ?r,e mcbiis tormina's 11 to 5 
which tne program specified by the program distribution 
request has been distributed, and sends a versiolt no- 
tice request to the mobile terminals 11 thus ceta-mined 
(step S82). 

ra 

[■■ 4 13.1 .3) Version "otice 

[0131] The version notice request is sent to each U!M 
12 thrc ugh the mobile terminal 11, The UIM 12, upon 
receipt cf the version notice request notifies the version >s 
thereof to the distribution management server 15 (step 
S83) 

M 4.13.1 .4) No program distribution notice 

ft>n«l The distribution management server 16 re- 
ceives a version notice from each UiM 12. In the case 
where the version notice received from a given UIM 12 
faiis to meet the conditions indicated by the version in- 
formation from the contents server 19. the contents & 
server- 19 is notified that the program cannot be distrib- 
uted to the particular JIM 12 (step S84). 
[01 33J in the esse where the version notice received 
from anothergiven UIM 12meets the conditions indicat- 
ed by the version information from the contents server 30 
19, on the other band, the distribution management 
server 16 distributes the program to the particular UIM 
12. This operation is described above with reference to 
Figs. 6 and 8. 

(1 4.13.2} Operation for UIM not supporting version 
notice function 

[1 4.13.2.1] Program distribution request to distribution 
management serve-' 40 

[01 34] The contents server 1 9 sends a program dis- 
tribution request to the distribution management server 
16 in the same manner as described above (step S91). 

43 

j.1 4.13 2.2! Version notice request to UiM 

[0135] The distribution management server 1 6 sends 
a version notice request to the UIM 12 of the mobile ter- 
minal 11 {step S92V 50 

[1 4.13.2.3) Timer count 

[01 ZS) in this case, the UIM 1 2 does not support the 
version notice function, and therefore makes no re- 35 
sponse 

[0137] Thus, the attribution management server 16 
monitors the rmoi and upon expiry of a predetermined 



time-oot period (step S93), sends a version notice re- 
quest again to the UIM 1 2 of the mobile terminal 1 1 (step 
S94), Then, the value on the retry counter is increment- 
ed by one, 

[0138) In a similar fashion, the distribution manage- 
ment server 16 monitors the timer, and upon expiry of a 
predetermined time-out period (step S95; ; sends a ver- 
sion nctiee request again to the UIM 12 of the mobile 
terminal 11 (step §96). Then . the value of the retry caun - 
ter is incremented by one 

[-.4.13:2.4! No program distribution notice 

[0139J Once again, the distribution management 
server 16 monitors the timer, and upon expiry of a pre- 
.;o!orr. rod * \a- <:.-;: (step tS97; so-;;s ■-. version 

notice request again to tne UIM 12 of the mobile terminal 
11 (step S98). Then, tie value on tne retry counter is 
incremented by one. 

[0140) In the case wfietethe figure on the retry coun- 
ter reaches a predetermined value {3 in this case), the 
distribution management server 1 6 determines that the 
version of the UiM 12 faiis to meet the conditions for the 
version notified from the contents server 1 9, and sends 
a no-program distribution notice to the contents server 
19 (step S84) 

[0141] As a result, the contents server 19 eonSrms 
that the program cf which distribution is desired, cannot 
be distributed 

[i .4,14} Program distribution process based on UiM 
memory capacity limitation 

[01 42] The limitation of the memory capacity of the 
UIM 1 2 may make the program distribution impossible, 
even it desired by the contents server 19. An example 
cf the operation performed in such a case is shown in 
Fig. 13. This operation will be expiamed below. 

[1 .4.14.1 j Rejection by distribution management server 

[0143] The contents server 1 9 requests the distribu- 
tion management server 16, by attaching the program 
to be distributed, to send a program distribution request 
to the UIM 12 (step Si 01). 

J0144] The information indicating the memory state of 
each UIM is registered in the database of the distribution 
management server 18. The distribution management 
server 16, Upon receipt of the program distribution re- 
quest to a given UIM 12, accesses the data base, and 
aetemvnes whether the basic block for the particular 
UIM 12 rs available for storage, or if available, is too 
small in capacity to store the program {the capacity may 
vary from one version to another of UIM) or whether 
there is any other stumbling block to the program distri- 
bution-. 

(0145) In the case where She program cannot be dis- 
tributed, the distribution management sewer 16 sends 
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* r:f) * Cf? to the contents server 1 8 that the program can- 
no: be distributed due to the shortage of the memory 
capacity (step S1C2) 

[0146] As a resist, the contents server 19 confirms 
that the program for which distribution is desired, cannot 
os districted. 

[■ ,4.14.2) Rejection by UiM 

[0147] The memory capacity and the current occu- 
pancy state of each UHW 12 are registered in the data- 
base of the distribution management server 16 For 
some reason or other, however the actual UIM .memory 
state may differ iron the memory state registered in the 
database of the d:s: : *ut;on nw-agomerf server "6 : no 
operation performed <n such a case ■& described below. 
[Q1 48] First, trie contents server 1 9 sends a program 
distribution request together with a program to the dis- 
tribution management server 16 {step SHI). 
[0148] The distribution management server 16 ac- 
cesses the data base and determines whether the basic 
block of the destination UIM 12 is available for storage 
end hes s sufficient capacity. 

[0150] In the case where the determination is YES, 
the distribution management server 16 sends a write re- 
quest together with the program to the UIM 12 (step 
S112). 

[0151] The UiM 1-2 that has received the write request 
determines whether the program attached to the write 
request can be stored in any one of the basic blocks or 
not, in the ease where the determination is NO. the UIM 
12 sends a no-prog ran dtslribution notice to the distri- 
bution management server 16 due to lack cf memory 
capacity (siepSHS). 

[C-1 5Sj The distribution management server 16 upon 
receipt of the no-program distribution notice due to tack 
o? memory capacity, sends it to the contents server 19 
{step S114) 

[01 S3] From this notice, the contents server 19 can 
confirm that the program cannot be distributed to the 
UiM to which the distribution is desired. 
[0154] It may aiso happen that a program cannot be 
stored in a basic block due to a write error m the memory 
of the UIM 12 or the malfunction of the memory device, 
in such a case exact iy the same operation as described 
above is performed. Fig. 14 shows such an operation, 
in Fig. 14, steps SI :?1 to S124 correspond to steps S1 11 
to SH4 in Rg 13 and represent exactly the same op- 
eration, respectively 

[1 4.15) Specific exanpls <$f operation 

[0155] Now. a specific example of the operation ac- 
cording To this embodiment will be explained. 

[1 4.15 1) Execution of program stored in UIM 



program called " O O RAILWAY" is stored in the basic 
block 40-1 of the UIM 12 

I01S7J The user operates the operating section 22 of 
the mobile terminal 11 and thus accesses the home 

5 page of the contents provider- that has distributed the 
"(DO RAILWAY" program. A distribution menu screen 
D21 as shown j n Fig. 16 is displayed on the display 
screen of the display section 21 . This distribution menu 
screen D21 is provided by the contents server 19 of the 

10 contents provider The user performs the operation for 
selecting an item concerning the purchase of a commu- 
tation pass from the menu displayed on trie distribution 
menu screen D21 . A purchase request for the commu- 
tation pass Is transmitted from the mobile iermina! 1 1 to 

fs the contents server 1 9 through the network. 

10158] As a result, a download screen 022 is sent 
from the contents server 19 to the mobile terminal 11 
and displayed on tns display section 21 . The download 
screen 02? contains a menu of several value data hav- 
20 *ng the same monetary vatue as the commutation pass. 
[01 53} Once the user selects the desired value date , 
the information requesting the selected value data Is 
sent to the contents server 1 9 from the mobile terminal 
11. 

25 [0160] After that, the contents server 19 sends to the 
mobile terminal 11 the screen data for selecting a meth- 
od of account settlement. As a result, a screen 023 is 
displayed by the mobile terminal 11 The user selects 
"SELECT FROM UiM MENU" from the menu items in 

30 the screen D23, and thus car; settle the account by use 
of the program in the UiM 12 Specifically, once this se- 
lect operation is performed, the UIM 12 is notified of the 
fact. Upon receipt of this notice, the control unit of the 
UiM 12 returns to the mobile terminal 11 the list of the 

35 programs stored in the basic blocks 40-1 to 40-6. The 
screen 024 containing this list is displayed on the dis- 
play section 21 of the mobile terminal 11 . The user se- 
lects a settlement program from the list. The selected 
program is executed by the UIM 12 thereby to settle the 

*o account, 

[0161] Assume mat fhe account Is settled by execut- 
ing the program in the program area 41 of the basic 
block 40-2. the data area 42 of fhe same basic block 
40-2 is used for settling the account. 

45 pJt62] Tbe contents server 19. upon detection that 
the account has been settled, sends the valua data of 
the commutation pass included in the commutation pass 
purchase request desoribed above, to the mobile termi- 
nal 1 1 . This value data contains the information such as 

so the names of the two stations involved, the validity ter m, 
the name of the user and the age of the user and are 
sent from the mobiie terminal 11 to the UIM 12 The val- 
ue data, which are to be used for the "CO RAILWAY'' 
program, are stored in the data area 42 cf the basic 

55 block 40-1 corresponding to the same data in the t .iiM 
12, 



[01 56] In this example of an operation, assume that a 
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[1 .4.15.2) Mai! order sale using network 

[01631 in this example of at? operation, a program lor 
a mail order sate .s s-tored m the basic block 40-2 of the 
UiW 12. 5 
[0164) The user accesses the home page of the con- 
sents provider by operating the operating section 22 of 
tr?s mobile terminal 11. so that a distribution menu 
screen D31 shown tr- Fig. 17 is displayed on the display 
section 21 of the mobile terminal H . This distrsbufioh ip 
menu screen D31 is provided by the contents sefver 19 
o> the contents pfovxter which in turn provides the mail 
order me (wtvt; is ca'icd '*-corr~:o'-oe''; botvco utih/- 
i !K , the network The jser sheets T c iie v'rt commodity 
(MATSUZAKA 3EEF FOR SUKIYAKi. Y500G/KG. in « 
Fig 17) from the commodities listed in the distribution 
menu screen D31 Then, a purchase request is trans- 
ited from the motile terminal 1 1 to the contents server 
19 through the network 

{dim] The contents server 19 that has received the sc 
purchase request returns a settlement method screen 
032 to the mobile terminal 11 As a result s select 
screen D32 is displayed on the display section 21 
[0166] Prom the settlement methods listed in the se- 
lect screen Q32, the user is assumed to have selected 
"XX mm". The settlement program for XX Bank stored 
in the basic block 40-3 of the UIM 12 is started by the 
control unit 30 of the UIM t2 and a settlemsnt screen 
□34 is displayed. 

[0167] Th© user inputs the personal identification ((D) 3 
number as settlement information. The mobile terminal 
11 tries to connect the settlement server for XX Bank 
through a communication unit 34 and the network, so 
that the screen 035 being accessed is displayed. 
[0168] Upon complete authentication, a purchase 3 
amount confirmation screen D36 is displayed. 
[0169] The user confirms the amount lo be paid and 
inputs the confirmation. The mobile terminal 11 displays 
a payment confirmation screen 03? of the contents pro- 
vider, i.e. the mail order house together with the delivery 
date, etc 

[t .4.15.31 Use of commutation pass (check gale 
passage, manual start) 

[0170] According to this embodiment, the mobile ter- 
minal 11 can be used as a commutation pass by storing 
an appropriate program in the UIM 12. An example of 
ooeia'Jon will be explained below. 
[0171] First, the user depresses a button 23 A UIM 
menu screen 04 1 shown in Fig. 18 is displayed on the 
display section 2" . The use? selects "OO RAILWAY" for 
which the commutation pass is used. As a result., the 
control unit 30 of the UIM 1 2 executes the OO RAILWAY 
program in the basic block 40-1 so that a menu screen 
04;' ■(. displayed on the display section 21. 
[01 72] When the screen 04:? ■& displayed, the user se- 
lects "4 SET APPLICATION AUTO. START". An auto- 



matic start set confirm screen 043 is displayed thereby 
prompting the user to select. 

[0173] In the case where the user selects "YES", the 
automatic start is set In the case where the user selec- 
tion is "NO", on the Other hand, the automatic start is not 
set. 

[0174} The gate of the railway company is equipped 
with a ticket check reader/writer. Before passing through 
the gate, the user performs me following operation 
[0175J First, the user depresses the U button 23. The 
UIM menu screen 041 shown in fig. 19 is displayed on 
She display section 21 . The user than selects " CO RAiL - 
WAY" for which me pass * uscto As a •«? m theccmiol 
unit 30 of the UIM 12 executes tne CO RAILWAY pro- 
gram in the basic block 40-1 , and displays the menu 
screen D42 on the display section 21 . The user selects 
» 1 . PASS" The pass program constituting a pari of the 
00 RAILWAY program is slatted by the control unn 30, 
in accordance with this pass program : the control unit 
30 begins communication with the ticket reader/writer 
for pass check, in the case where this communication 
is carried out by the common key cryptosystom, for ex- 
ample, the pass check process is performed following 
tho steps described below. 

(1) Each party checks ihe other party. 

(2) The ticket check reader/writer requests the mo- 
bile terminal 11 to transmit information on the com- 
mutation pass. 

(3) The mobile terminal 11 encrypts the pass infor- 
mation by the common key and transmits it to the 
ticket check reader/writer. The pass information dis- 
play screen 053 is displayed on the display section 
of the mobile terminal 1V 

(4) The ticket check reader/writer decrypts ths re- 
ceived commutation pass information, and, in the 
case where the user is found to be legitimate the 
gate is opened to allow him in 

40 [0176] At the same time, a message screen 054 for 
expressing gratitude to the user is displayed on the dis- 
play section 21 . 

[0177] The foregoing description deals with the com- 
mutation pass, in the case where the mobile terminal 11 
45 is used to function as a private card, however tho data 
area 42 is updated to indicate the value data corre- 
sponding to the amount after subtracting the actual 
charge in the process of (4) aDove. 

so l~ ,4.15.4] Use of commutation pass (gate passage: 
auto, start) 

[0178] When the screen 043 shown in Fig. 1 8 is dis- 
played, the user can select "YES'' and the automatic 
55 start is set. The following operation is performed. Spe- 
cifically, when the mobile terminal 1 1 set to the automat- 
ic start mode approaches the gate of me station, a poll- 
ing sicinai transmitted from the ticket check reader/Write? 
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is received by the mobile terminal li. As a result, the 
pass program constituting a part of the OO RAILWAY 
program is automatically started by the control unit 3C 
:n the UIM 1 2. anc the pass check simiiar tc the manual 
start is earned out. 

I t .5j Effect of firs! embodiment 

[01 79] As describee! above, according to this embod- 
iment, even in the esse where the storage area of the 
storage module is divided to store each program, the 
mcbiiv temvnal simply provides the communication 
function to the UiM. and no extra burden is nposed on 
the mobile terminal Therefor©, the inherent function of 
the mobile terminal is no! adversely affected 
[0180] Aiso. the p'oc/am storage, the activation, the 
aeaova'ion anc the deletion are not carried out by the 
mcciie terminal, but jnderthe control of the distribution 
management server Thus, the user convenience is im - 
proved While at the same time rnairttaining security 

[21 Second embodiment 

[0181] According to the first embodiment described 
above, the program executed by the UiM 12 is stored in 
the basic blocks 40-1 to 40-6 in the same UiM. In the 
second embodiment, however, al! the programs execut- 
ed are not necessarily stored in the bssie blocks. 

[2 V- Configuration of second embodiment 

[0182] Fig, 21 is a block diagram showing a configu- 
ration of a program distribution system according to a 
second embodiment of the invention, 
[0183] A UIM 12, contents servers 1-9-1 to 19-6 and 
19X- and a distribution management server 16A are 
shewn in Pig. 21 . The distribution management server 
1 6A corresponds to the distribution management server 
16 of the first embodiment plus the functions unique to 
this embodiment. The contents servers 1 9- 1 to 1 9-6 and 
!3X have similar functions to the contents server 19 of 
the first embodiment The system according to this em- 
bodiment has an authentication server as in the first em- 
bodiment, not shown in Fig. 21. 
[0184] The UIM 12 according to this embodiment In- 
cludes an application area 1 2C shown in Fig 22 in place 
of the apposition area 12B of the first embodiment. The 
program storage area 12C <s divided into seven basic 
clocks 40-1 to 40-7 and one free basic block 40-1 . 
[0185] The basic blocks 40-1 to 40-7 and the free ba- 
sic block 40-F1 each have a program area 41 and a data 
area 42. A program (application or applet) is stored in 
Jho program area 41, The data area 42, on the other 
hand, has stored therein the data used by the program 
stored ?n the program area 41 of the same basic block 
or the free basic block. 

[Q186] In this case, the basic blocks 40-1 to 40-7 and 
the free basic bioc- 40- F- sre-inaepende"-; of eachoth- 



er, and basically, the program stored in the program area 
41 Of a given block cannoi access the data area 42 of 
other blocks This is also the case with the first embod- 
iment. The program stored in the program area 41 can- 

s not be distributed or deleted without intermediary of the 
distribution management server 16A The data area 42, 
however, can be directly operated through the distribu- 
tion management server 16A or a local terminal as in 
the ease where electronic money is downloaded from 

io the ATM, This point is also similar to the first embodi- 
ment, 

1018?] According to this embodiment, the distribution 
of the programs stored in the basic blocks 40-1 to 4C-7 
is controlled by the distribution management server 

'5 1SA The program stored in the free basic block 40-FT , 
however, is controlled not by the distribution manage- 
ment server 16A but on the user's own responsibility. 
[0188] According to the first embodiment, the pro- 
gram transmitted from the contents server 1 9. in accord- 

20 ance with the distribution lequest horn the mobile termi- 
nal Tt, is se~- to mc UiM "2cy mo olsmbulion manage- 
ment server 16 The distribution management server 
16A according to this embodiment, on the other hand, 
accepts the program distribution request horn the mo- 

23 bile terminal 11. and on acquiring she program by ac- 
cessing !he contents server as required, distributes it to 
the UIM 12 of the mobile terminal 11 The distribution 
management server 16A according to this embodiment 
is similar to the distribution management server 16 of 

3Q tfce first embodiment in that the program distribution, 
from the contents server to the UiM 12 is relayed and 
managed. This operation, however, is not the only func- 
tion of the distribution management server T6A accord- 
ing to this embodiment. Specifically the distribution 

33 management server 1SA has means for storing a pro- 
cram or the : mem: at or- indicating |he location of the pro- 
gram for the benefit of the user of the UiM 12. and any 
of the programs stored in this means can be acquired 
by Ihe user through tne ciistnbJicn management server 

40 16 A. In this sense., ihe distribution management server 
16A exhibits a function simiiar to a cache memory for 
the UiM 12. 

J0189J In order to manage the program distribution to 
the UiM 12 and exhibit the function like a cache memory, 

**• ffte distribution management server 1 6A includes a dis- 
tribution management unit SC. The distribution manage- 
ment unit SO has a user information storage unii 51 and 
a program irfaimatic-i storage unit 52. 
|019O] The program information storage unit 52 has 

so stored Ibereina program proper ore URL corresponding 
So the program thai can be distributed to the UIM 12. 
The URL is the information indicating she address of a 
specific oneof the contents servers 19-1 to 19-8 and the 
vary contents server where- a particular program is io- 

55 cated. Which is to be stored in the program information 
storage unit 52 for a given prog ram, the URL information 
or the program proper, can be determined based on tne 
storage capacity of the program information storage unit 
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52, or in the case where iho storage capacity is suffi- 
cient, can be selected as desired by the contents pro- 
vider operating the distribution server, 
[0181] The chance of storing a new program or the 
URL theme? m the program information storage unit 53 
is qtven.-fcr example, in the case where the mobile ter- 
minal 11 of a given user sends a program distribution 
request, and a program or the URL thereof meeting the 
particular distribution request is not stored in the pro- 
gram information storage unit 52. In such a case, the 
ptoqtam ir!o'-i: : <t:o" i.tor : go un : 62 acccss.es the cor 
tents server and acquires and stores the program de- 
sued by the user in compliance with the request from 
the mobile terminal 'i 

[01S2] The user information storage unit 51 includes 
n in > 1 ) individual user information storage units 53-1 
to 53-n corresponding to n persons to which the system, 
according to the invention, is applicable. Each individual 
user information storage unit 53-k has a rea! distribution 
information storage unit 54 and a virtual distribution in- 
formation storage url 55. 

[0193] The reel distribution information storage unit 

54 of the individual user information storage unit 53-k 
has stored therein pointer dataccnespondingio the pro- 
gram actually distributed. to the UIM 12 of the user k. 
The pointer data is for indicating a particular area In the 
program information storage unit 52 where the program 
or the URL thereof is stored The availability of the rea! 
distribution information storage unit 54 makes it possible 
for the distribution management server 1 6A to immedi- 
ately redistribute arty program, it erased, in the basic 
blocks 40-1 to 40-7 of the UIM i 2. 

[0184] The virtual distribution information storage unit 

55 of the individual user information storage unit 53-k, 
on the other hand, stores the pointer data corresponding 
to an available program, though not actually distributed 
to the U IM 1 2 of the user k, that can he immediately dis- 
tributed to the UIM 12 of the user k who is desirous of 
having such s program. The user otthe USivl 12 can re- 
ceive the following services by use of the virtual distri- 
bution information storage unit 55. 

(a) The pointer data of a program ol which distribu- 
tion to the UiW 12 is desired Is provisionally stored 
in the virtual distribution information storage unit 55. 
The user whenever the distribution ol the program 
with the pointer data thereof stored in the virtuaidts- 
tnbution information storage unit 55 is required, 
sends a request to the distribution management 
server 1 6A using the mobile terminal 11 . The distri- 
bution management server 16A reads the pointer 
data of the requested program from the virtual dis- 
tribution information storage unit 55, and acquires 
arid distributes the program specified by i** part e- 
ular pointer data to the UfM 12. In this ease, the 
pointer data o< the program distributed to the UifV 
12 is moved from the virtual distribution information 
storage unit 55 to (he real distribution information 



storage unit 54 

(b)The number of the basic blocks in the UIM 12 is 
limited. Therefore, it may happen thai aU the basse 
blocks are occupied and no basic block is available 
5 for storing the program to be distributed in such a 
case, the distribution management server 1&A 
reads the pointer data from the storage area corre- 
sponding to a given basic block 40-X in the UIM 1 2, 
from among the storage areas in the rea! distribu- 
te tion information storage unit 54, and transfers it to 
the virtual distribution information storage unit 55. 
The program to be distributed is sent to the UiM 1 2. 
Where ii is written in the basic block 40-X, and the 
pointer data of the program is written in the storage 
is area corresponding to the basic block 40-X in the 
seat distribution information storage unit 54. This 
process makes it possible to acquire a program cy 
& distribution request and store it in a basic block- 
even in the case where the basic blocks are tuily 
so occupied, in the process, with regard to the prog ram 
driven away from the basic block, a request may be 
given again, if requited, to the distribution manage- 
ment server 16A and the process described in (a) 
above can be earned out, 

[01SS] Now, an explanation will be given of the lunc- 
tion of the distribution management server 16A corre- 
sponding to tne free basic block 40-F1 . As already de- 
scribed, as for the free basic block 40-F1 .the distribution 
30 management server 16 does not manage the program 
distribution. The user, by operating the mobile terminal 
11, can freeiy register or delete a program in the free 
basic block 40-F1, 

{0196] The real distribution information storage unit 
35 54 of the individual user information storage unit 53 has 
a storage area corresponding to the basic block 40-R 
of the UtM 12. in this area, however, no pointer data of 
a program Is stored, but the dais including the number 
of times a program is registered in or deleted from the 
■40 basic biock 40-F1 or the URL information thereof In the 
case where nothing is stored in the free basic brock 
40-F1 , the data indicating the fact ("Null" data etc.) may 
be stored in this area. 

fQ197j The program in the free basic block 40-H ot 
45 the UIM 12. should it be deleted, unlike the programs 
stored m the basic blocks 40-1 to 40-?, remains as it Is 
until registered again by the user himself. 
[0188] irt the case where the user is desirous of 
changing the program in the free basic block 40 -F1 tem- 
so porarily to another program, on the other hand, such a 
change can be made always by the user himself rewr it - 
ing it. 

10188] in sjen a case, the dis'i bunon ma-ager-em 
server 1 SA cannot carry out the charging process even 
55 if a program is stored in the free basic block 40- Ft . 
[0200] The free basic block 40-F1 can be changed so 
that it can.be handled the same way as the basic c acks 
40-1 to 40-7 as desired by the user Specifically, before 
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the change, seven basic blocks 40-1 to 40-? and one 
free basic block 4Q-F1 can be used as sight basiebioeks 
40- 1 to 40-3. 

[0201] in such a esse, the -rrormai-orno-neeffec! rrsa! 
•the free basic block 4Q-F1 has bean changes so the bs- j 
sic block 40-8 is written by the a : slhbufon management 
server 16A m the system area 12A [Fig. 4) of the UIM 
12. Also, the area in tne tea! distribution info-nation star- 
age unit 54 that has hitherto been handed as an area 
corresponding to the free basic block 40-F? can be han- U 
died by the distribution management server 16A as an 
area corresponding to the basic block 40-8. and using 
this area, the same management as that of the basic 
blocks 40-1 to 40-7 is started. 

[0202] The basic block that has been changed to the is 
basic block 40-8 by the user in this way can be restored 
to the free basic block 40-F1 again. The basic blocks 
40-1 to 40-7 cannot oe changed to free basic blocks. 

[2 2] Configuration of distribution management server *a 

f0203] A configuration of the distribution management 
server is shown in Fig. 23. 

[0204} The distribution management server ISA is 
roughly configured- ei a transmission control unit 81 , the ss 
user information storage ursif S"! described above, the 
program information storage unit 52 described above 
and a secure communication control unit 62 
t0205| The transmission control unit 61 controls the 
transmission between the external contents servers 36 
1 9-1 to 19-6 or between the mobile terminals 1 1 (includ- 
ing the transmission between the contents servers * 9-1 
to 1 9-6 and the mobile terminals 1 1 ). the transmission 
control unit 61 aiso controls the transmission between 
the user information storage unit 51 . the program infer- as 
••nation storage unit 52 and the secure communication 
control unit 63 to each other. Further, the transmission 
contra' unit 61 controls the distribution management un ft 
50. the user information storage unit 51. the program 
information storage unit 52 and the secure cemmurrlea- to 
ticn control unit S3 on the one hand, and requests the 
execution of various processes in the distnbution man- 
agement unit 50, the: user information storage unit 51, 
the program information storage unit 52 and the secure 
communication control unit 83 on the other hand. 
[0206] The program information storage unit 52 sub- 
stantially functions as a porial site for the program per- 
mitted to be distributed to the basic blocks 40-1 to 40-7 
of the UiM 12. 

[0207] The secure communication control unit 63 au~ so 
thenticetas the information (an encrypted program, etc.) 
sen! from the contents servers-, 19-1 to IS- 6. holds the 
public key paired with tne private key held by each UiM, 
and manages the issue of the public keys for the con- 
tents servers 19-1 to 13-6. ss 



!2.3j Operation of second embodiment 

[2.3.1] Registration in user information storage unit 

[020SJ in the example shown in Fig. 21, the contents 
servers 19-1 to 19-S are under the control of the distri- 
bution management server 16A. The user desirous of 
using a program (applet) stored in any of the contents 
servers is required to register the particular program In 
fhe user information storage unit 51 of the distribution 
m.r.tis.^-neiV. s-eve 1C>A Tre rogisUsticn process wiil 
be explained below with reference to Fig. 24. 
[02Q9] First; the user sends a request" for a menu jisi 
of the programs that can be registered, to the dislribahcn 
managemenl server ISA from ihe mobile terminal i - . 
This request is sen! to the program information storage 
unii 52 through the transmission control unit 61 of the 
distribution management server 16A (step S131). 
[0210] The program information storage unit 52 that 
has received the request prepares a menu list of ail the 
programs that can be registered or, specifically, all the 
programs of which the program proper or the URL is 
ntor -ed n the program information storage unit 52, and 
transmits the menu list through the transmission control 
unit 61 to the mobile terminal 11 {step S 1 3g|. 
[021 1 ] This menu list is received by the mobile termi- 
nal 11 and displayed on the display section 21 . Under 
this condition, she use.- can acquire, by operating the op- 
erating section 22. a comment on tne desired program 
from the distribution management server 16A and dis- 
play it on the display section 21 . 
10212] Once the program of which distribution is re- 
quested is determined by the user operating the oper- 
ating section 22, the mobile terminal n transmits a reg- 
istration request containing the information specifying 
the particular program to the program information stor- 
age unit 52 of the distribution management server 1 6A 
(SteoS 133). 

[0213] The program information storage unit 52, 
based on the program registration request, registers the 
program requested by trie user m the user information 

I0214J The operation in step S134 will be describee 
in detail. First, assume that the registration request :s 
Issued from the mobile unit 11 in which me UIM 12 cr a 
given user k is built or mounted. In this case, the pro- 
gram information storage unit 52. based on Hie regnti -i 
tlon request, identifies the program requested by the us- 
er, and determines the pointer data for specifying the 
interna! area of tne program information storage unit 52 
in which the URL information indicating she location of 
ihe program or the program proper thereof is stored 
Once the pointer data of the program requested by the 
user is obtained in this way, the program information 
storage unit $2 accesses the contents stored In each 
area of the real distribution information storage unit £4 
of the individual user information storage unit 53-k cor- 
responding to the user k, and thus determ nes the bas:c 
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block 40-X (isXS ?} available for storage among the 
U,isir blocks of the UiM 12 of the user k The pointer 
data .it the program 'e-iuested by the user is registered 
ir the area of t-'*: •«:•?,; a ?:= is,-.-- information storage 
unit 54 corresponding to the basic block 40-X (step 
S>34). >t may be that t?ie UIM 12 of the user k has no 
basic block 40-x n & X ?s 7} available for storage- in 
such a case, the Drogram information storage unit 52 
-eqis:ers the pointer data in the virtual distribution inter- 
rn^on ;.ioi-;c;e u^l iv- cp^cl bv the? user or so: au- 
tomatically. 

[0215] in step S141 . the; menu list may not have any 
desired program. In such a case, the user can request 
the program information storage unit 54, by operating 
themobiletentiinsi-s o * -jtne desired contents 
server In this case, the program • >tv omiaticri s'.o- ;-c;o urt 
54. in compliance with the user request, acquires the 
program or the URL thereof from the contents server 
desired by the user, and holds it in the unoccupied area 
in the program information storage unit 54. in the proc- 
ess, the pointer data indicating the location of the ac- 
quired program cr the URL thereof is registered in the 
real distribution information storage unit 54 tn the same 
manner as the procedure mentioned above. 
[021 6 J Upon ecmpi eie registration of the program re- 
quested by the- user in this way. the distribution manage- 
ment server 16A starts the charge process- for the user 
or the contents provider that has distributed the partic- 
ular program 

[0217] Then, the user information storage unit 51 
sends a registration notice to the mobile terminal 11 
througn the transmission control unit 61 (step S135). 
{02181 Tne mobiieterminal 11 . upon receipi of the reg- 
istration notice, semes a registration acknowledgment to 
the distribution management server 16A (.step S13B). 
[0219] The user information storage unit 51, upon re- 
ceipt of the registration acknowledgment through the 
transmission control unit 61 from the mobile terminal 1 1 
having the UiM 1 2 of the user k built therein or connect- 
ed therewith, determines the contents provider 19 stor- *o 
ing the program of which the pointer data has been reg- 
istered for the user k. and sends an activation permis- 
sion request to the contents server 1 9 (step S137). 
[0220} The contents server 1 9 that has received the 
activation permission request, in oraer to approve a pro- <* 
gram utilization contract, sends the activation permis- 
sion to the usee mtormation storage unit 51 (step St 38) 
As a result the user information storage unit 51 consid- 
ers that the use is permitted of the pointer data stored 
in that area of the real distribution information storage # 
unit 54 of the individual user information storage area 
53-k for the use? k which corresponds to the basic block 
40-X. 

[0221j The user information storage unit 51 sends a 
registration completion notice indicating thai the regis- * 
tration m the mobile terminal 11 is completed (step 
S139). This registration completion notice contains a 
registration list providing a list of the programs with the 



pointer data thereof registered in the user information 
storage unit 51. 

[02223 The user can confirm the registration list from 
the display section 21 of the mobile terminal 11. 

[2.3.1 .1] Registration of UIM in basic biock (the conten ts 
server holding the program) 

(0223) The user k who has received trie registration 
list can request the program for which he has requested 
registration, to be distributed and written in the UIM i 2 
With reference to Fig 25, this operation wiii be ex- 
plained. 

|0224] The user k performs the operation for selecting 
a program of when distribution is desired from the reg- 
istration list. Then, a distribution request containing the 
pointer in the registration list, indicating the position 
number in the registration list where the particular pro- 
gram is located, is sent to the user information storage 
unit 51 of the distribution management server ISA from 
the distnbution terminal 11 (step S141). 
[0225'j The user information srorage unit 51 . upon re- 
ceipt of a distribution request from the mobile terminal 
11 of the user k. roads the pointer data specifying fhe 
place of storing the program proper or the URL of the 
proqram requiring distribution, from that area of the real 
distribution information storage unit 54 of the individual 
user information storage unit 53-k which corresponds to 
the pointer in she registration list contained in the partic- 
ular distribution request. The distribution request -con- 
taining the pointer data is sent to the program informa- 
tion storage unit 52 (step Si 42), 
[02261 The program information storage unit 52 ac- 
cesses the area specified by the pointer data in the par- 
ticular distribution request. In the case where the URL 
of the program Is stored in the ares, the program distri- 
bution is requested from the contents server 19 using 
the URL {step 3143). 

[0227J The contents server 19. upon receipt of this 
distribution request, requests the authentication server 
13 to issue a public key for the distribution management 
server (step S144). 

[0228] in the case where the contents server 1 8 is per- 
mitted to wnte In the UiM 12 : the authentication server 
1 8 issues the public key to r the distrlb ution m anageme nt 
server to the contents server 1 9 (step 5145). 
[0229] The contents server 19 encrypts the program 
using the public key for the distribution management 
server, and distributes it as a program, with a certificate. 

i to ;he secure communication control unit 62 of the dis- 
tribution management server 16A (step S1 45). 
[0230] The secure communication control unit 82 has 
stored therein a distribution management sewer private 
key paired with the distribution management server puD- 

s iic key. and using this private key, decrypts the program 
with a certificate In the case where this decryption :s 
successful, a program written in a common text is ob- 
tained. 



36 



EP 1 248 188 A1 



[0231] The secure communication control unil 6? ac- 
quires She j M pubi c key corresponding to the destina- 
tion UiM 12 from the authentication server (refer to the 
firs;; embodiment;, and encrypting the program by the: 
Ullvi public Key sends it to the UIM 12. in the U M "2. 
the program is decrypted using the UIM private key 
paired with the UIM public key. Once the decryption is 
successful, a program m a common text is detained. The 
U Rvl 1 2 writes this program in the basic block 40-X (step 
SI 47). The UIM 12 determines the basic block 40-X by 
the same algorithm as used by the program information 
storage unit 52 in she distribution management server 
1 6A. In step 31 47. therefore, the same basic block 40-X 
is obtained as determined in step S134 of Fig 24. Alter- 
natively the rogistiatior- eom;:.!oti:v'- nonet? t ansrnilLoa 
from the distribuiior management server 16A in step 
S13S o? Fig. 24 may contain the information specifying 
the unoccupied basic block 40-X determined m step 
SI 34, ana in step 3 id? of Fig. 25, the program is stored 
in the basic block 40-X specified by the particular infor- 
mation. 

[0232] The UIM 12, at the end of the program write 
operation, transmits a write end notice to the secure 
communication control unit 62 of the distribution man- 
agement server IS Isfop S148), This write end notice 
contains the information for specifying the baste biock 
40-X in which the program is written. 
[0233] When the secure communication control «nt 
62 of the diistnbsjtior! management server 16 receives 
the write end notice the User information storage unit 
51 sends an activation request to the contents server 
19 in order to request the permission for execution of 
the program written in the U!M 12 (step 5149), 
[02343 T 'he contents server 19 that has received this 
activation request sends an activation permission to the 

(0235j • ' ! has 

received the activation permission sends an activation 
instruction to the UsM 12 (step Si 51). 
[0236] in the UIM 12, upon receipt of the activation 
instruction, the activation f)ng ocmespontiing to the basic 
block 40-X m which the program is written turns from '0* 
to "1". after which the execution of the program in the 
particular basic biock becomes possible. 
[0237] The USM 12. at the end of the program activa- 
tion, transmits an activation acknowledgment notice- in- 
dicating I he end of the program activation to the user 
information storage unit 51 of the distribution manage- 
ment se'ver 1 2 A lc-oe!he<- with the information specify- 
ing the program (tor example, the information specifying 
the basic block 40-X} (step S1 52) 

The user information storage unit 51, upon re- 
ceipt of the activation acknowledgment notice from the 
UIM 12 of the user fc, determines an area of the reai dis- 
tribution information storage unit 54 of the individual us- 
er information sto -eg-* uni 1 53 ■ < cc - responding to the ba- 
sic, block 40-X in this area, the pointer data correspond- 
ing to the program written in the basic block 40-X is al- 



ready written in the UIM 12 of the user it in this area, 
the information to the effect that the activation is com- 
plete is written in such a form thai a given pointer coex- 
ists, As the result of this operation, the distribution man- 
5 agemenl server 1 5A can grasp whether the activation 
has been performed for the basic blocks 40- f to 40-7 of 
all the UJMs 12 by accessing each area of the user in- 
formation storage unit 51 

[0239] The user information storage unit 51, at the 
■o end of V-q operation for writing the information to the 
effect that the activation is complete, notifies (he mobile- 
terminal 11 that the registration is complete as a pro- 
gram i:-.t ■■■.nr. subsequently nc-ihes ;ri.- :; : ;ne ::■■.,'}<■:■■■■■■ 
can be executed, while at ths &mui time anding the 
*s process (step S I S3). 

[0240] The distribution ma v-.eo'-x-- : server ISA noti- 
fies the contents server 1 9 that the activation of the pro- 
gram is. completed (step S154), 

20 [2.3.1 ^.Registration of in UIM basic biock (in the case 
where the distribution management server holds the 
program proper) 

[0241] !r. the example of operation shown in Fig. 25, 
3S the program proper, of which the distribution is desires 
by the user, is not stored in the distribution management 
server 1 6A but in the contents server 1 9. In the operai ion 
e*amp!eshown in Fig 26, in contrast, theprogram proo- 
er of which the distribution is desired by the user is 
30 stored in the distribution management server 1-6A. The 
operation example shown in Fig. 26 will be explained 
below;. 

[0242] The user accesses the registration fist re- 
ceived from Ihe distribution management server 16A. 

■35 and performs the operation for selecting the desired pro- 
gram, A distribution request containing the pointer in the 
registration list corresponding to the particular program 
is sent from the mobile terminal 11 to the user Informa- 
tion storage uni! 51 of the distribution management serv- 

40 at 1M (step Si 61), 

[0243] The user information storage unit 51 : upon re- 
ceipt o? the distribution request from the mobile terminal 
"■ :y me ..serk. reads the potr-Nt-' data ■ orsoxv.iryinq t--e 
place of storage of the URt. of the program or the c-ro- 

45 gram proper of which the distribution is requested, from 
that area of the real distribution ..--formation storage unit 
54 of the individual user information storage unit 53 -k 
which corresponds to the pointer in the registration iist 
contained in the distr ibution request. The distribution re- 

so quest containing this pointer data is sent to the progr am 
information storage uni! 52 (step SI 62) 
[0244] The program information storage unit 52 ac- 
cesses She area designated by the pointer date in the 
distribution request. In the case where the program 

55 proper is stored in the particular area, the secure com- 
munication control unit 62 requests the authentication 
server 18 to issue a certificate, i.e. sends a request for 
the UIM public key required for encrypting the program 
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otoper and sending t to the UiM 1? of the oserk (step 
S163) 

[0245] In the case where the program corresponding 
to the distribution request is a program cermuted to vrite 
;n the UIM 12 the authentication server 18 sends the * 
UiM public Key to the secure communication control unit 
62 (step S164). 

[0246] The secure communication control unit 62 re- 
ceives this UIM pubiic key, and upon determination that 
the key is legitimate, encrypts the program to be distrib- IP 
uted, using the UiM public key, and thus generates a 
program with certificate. 

[0247] When the user performs the operation at the 
mobile terminal 11 to permits the program distribution, 
the secure communication control unit 62 of the distri- is 
button management server 1BA sends a program with 
certificate to the UIM 12 of the mobile terminal 11 (step 
S165). 

[024S] The UIM ' 2 has stored therein a UIM private 
key paired with the UIM public key, and using this UIM SO 
private key. decrypts the program. The seme program 
is written 'in the basse block 4Q-X. 
[0249] The subsequent operation is similar to the cor- 
responding operation shown to Pig. 25. in Fig. 26, steps 
S16Sto -SI 71 correspond to steps S14B to SlSSih Fig, 
25. 

j2.3 1 .3] Registration in UIV basic block (in the case 
where the distribution management server holds the 
program proper, and the secure communication control 3D 
unit holds the UiM pubis key) 

[0250] It may happen that when the mobile terminal 
11 sends a distribution request to the distribution man- 
agement server 1 6A the secure communication control SS 
unit 82 of the distribution management server 16A hoids 
the UiM puolic key of the UIM 12 to which the program 
is to be distributed Such a phenomenon may occur, for 
example, in the case where programs are distributed to 
the same UIM 12 within a short time. Fig 27 shows an 40 
example of the operation performed in such a case. In 
this operation example, when a program proper corre- 
sponding to the distribution request is found, the pro- 
gram is encrypted using the UiM public key held in the 
secure communication control unit 62 and written in the 4S 
UiM 12. The operation shewn in Fig 27 is similar to the 
operation shown in Fig. 26, except that the operation 
corresponding to steps S1 S3 arid S1 64 for acquiring the 
UIM public key from the authentication server 1 8 is lack- 
ing. Steps S18* , Si 82, S183 to S189 in Fig. 27 ccrre- «• 
spend to steps SI 81 St 62, ST85 to S171 , respectively, 
m Fig. 26. 

[2.3.1.4] Registration in UIM free basic block 

{0251] T he user, by operating the mobile terminal 11 . 
car register a program in the free basic b.'ock 40-F1 of 
the UIM 12. This operation is shown in Fig. 28. 



[0252] in -he case whe-s n program m rog stereo n 
;ne 'ree bas«c o ock 4Q-F1 oi :t:e KXM 12 the user oper- 
ates the mobile terminal 11 so that the desired contents 
server 1 9X is accessed and a request for distributing * he 
desired program is sent to il (step S191). 
{0253] The contents server 19X that has received inis 
distribution request distributes the requested program 
to the secure communication control unit 62 of the dis- 
tribution management server 16A (step 8192). 
[0254] The user perfomia the operation to permit the 
distribution to the free basic block 40-F1 , and the infor- 
mation indicating the particular operation is sent from 
the mobiie terminal 11 to the distribution management 
server 16A. Then, the secure communication control 
unit 52 distributes the program to the UiM 12 of '.he mo- 
bile terminal 11 (step SI 93). This program may be scant 
in encrypted form or without encryption. The UiM 12 
writes this program in the free basis block 40-F1 
[025S] Tine UiM 12, at the end of the program write 
operation, fansm-.ts <r. *t no una rottce to the distribution 
management server 1 6 (step S1 84). 
[0256] The user information storage unit 51 of the dis- 
tribution management server 16 receives the write «nd 
notice from the UiM 12 of the user k, and updates the 
information including the number of distribution ses- 
sions stored in the area of the user In dividual information 
storage unit 53-k corresponding to the free basic block 
40-F1 (stepS 195). 

{0257] Once this update operation is completed, the 
user information storage unit 51 sends to the UiM 12 an 
activation instruction for the program written in the free 
basic block 40- F1 (step S1 96}. 
{0258] The UIM 12, incompliance with this instruction, 
completes the program activation, and transmits to me 
user information storage unit 51 of the distribution man- 
agement servei 16 a>- activation response notice indi- 
cating that the achvaficn of the program in the free basic 
block 40-Fi is completed (step S1 97). 
[0259] The user information storage unit 51 , upon re- 
ceipt of the activation response notice from the UiM 1 2 
of the user k, registers the information that the activation 
is complete, in the area of the individual user information 
storage unit 63-k corresponding to the free basic block 
40-F1 The user information storage unit 51 notifies, in 
the form o? program list, the mobile terminal 11 that the 
registration is complete, thereby terminating the proc- 
ess (step S1 S3). 

[2.3,1.5] Program deletion from user information 
storage unit 

[0260] Now, the process for deleting the program reg- 
istered in the user information storage unit 51 will be 
explained with reference to Fig. 29. 
[0261] The user, by performing a predetermined op- 
eration, can display the registration program list re- 
ceived irom the distribution management server 1 6A. on 
the display unit 21 . Under this condition, the user spec- 
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ifies the desired program and instructs to datete the pro- 
gran-: in me distribution management server I SA. A pro- 
gram registration delete request contain -g -.he informa- 
tion tor specifying what is to bo deto-eo is sen: to (he 
user information storage unit 51 of the distribution man- 5 
agement server 18A (step S201). 
[0262] m the cas:o where the program to be deleted is 
already deleted from any one of the basic blocks 40-1 
to 40-7 o? the UiM 12. the user information storage unit 
5"! sends a cance; request indicate tre oesire of the fa 
user to cancel the utilisation of the program, to the con- 
tents server 1 9 from which the; particular program is dis- 
tributed ('stop S202 . in the case where a program to be 
cieisted remains undeleted \n any one of the basic 
blocks 40-1 to 40-7 of the UiM 12, on the other hand, is 
ths process for detetior, of the program from the basic 
blocks 40-1 to 40-7. described later, is cameo out at the 
same time under itie guidance of the distribution man- 
agement server ISA: 

[0263] The contents server 19. upon receipt of the so 
cancel request, sends a cancel permission notice to the 
user information storage unit 61 of the distribution man- 
agement server ISA (step S203). 
[0264] The user information storage unit 51 , upon re- 
ceipt of the cancel permission notice, deletes the infor- si 
maiion on the program of which the deletion is request- 
ed in step S201 . and sends the registered program list 
after deiotion to the mobile terminal 11 (step S204). 

[2 3, 1 §) Program detehon from UIM basic block so 

[0265} Now, the process for deleting a program from 
the basic blocks 40-1 to 40-7 of the UIM 12 will be ex- 
plained with reference io Fig. 30. 

[0286] The user, by performing a predetermined op- 35 
©ration, can display csn the display unit 21 the registered 
program list transmitted already to the mobile terminal 
i 1 . Under this condition, assume that ths user specifies 
the desires program and gives an instruction to delete 
it. On© of the basic; blocks 40- 1 to 40-7 of the UIM 12 -tc 
where the program to be deleted is stored is determined, 
and a deletion request containing the information spec- 
ifying the particular basic block is transmitted from the 
mobile terminal 11 so the user information storage unit 
51 of the distribution management server 16A (step «s 

sail). 

[0267] The user information storage unit 6 i , upon re- 
ceipt of the deletion request, sends a deletion permis- 
sion notice to the UIM 12 (step 3212). 
[0268] The UiM 12. upon receipt of the deletion per- so 
mission notice deletes the program specified by the us- 
er in step S21i from the basic block, and sends a dele- 
tion end notice tc -he user information storage unit 51 
(step S213). 

[0269] As a result, the user information storage unit 55 
51 deletes the information on the corresponding pro- 
gram under the control of the transmission conlrol unit 
61 . and gives a delation notice to the contents server 19 
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fstepS214>. 

[0270] Also, the user information storage unit 51 no- 
ti-'ies :ne mobile terminal 11 that the deletion is compete 
in thefonrr. of a program list, thereby ending the process, 

[2,3,1 .6.1 i The case in which the program deletion from 
basic block is carried out at the same time under the 
guidance of distribution management server. 

(0271] As described above, if the process Jot deleting 
a program from the basic blocks 40-1 to 40-7 is carried 
001 a the same t '-e as the ocio: on of the D'<->p.ra~- from 
tfe; ;.sor infor -attar stooge i;-:l 5 uo.hv ;h<; gjd^noe 
of the distribution management server, the user infor- 
mation storage unit 51 of the distribution management 
server sends a deletion instruction to the UiM by spec- 
ifying the program of which deletion is requested, n 
place of the process of steps $21 1 and S212 described 
above, 

[2 3 1.7? The case in which use, of user information 
storage unit is prohibited. 

10272] According to this embodiment, a deactivation 
process for the user information storage unit can be ex- 
ecuted for preventing the userfrom using the user infor- 
mation storage unit 51 . This deactivation process .for the. 
user information storage unit is carried out. for example, 
In mo. case whore the distribution management server 
ISA slops the service temporarily, or the service of the 
dtstr-b-ticr: management server 16A to the user is tem- 
porarily suspended at the request of the contents pro- 
vider holding the contents server 19, Once this deacti- 
vation process for the user information storage unit is 
carried out, the distribution of the programs registered 
in the user information storage unit 51 to the UiM 12 is 
prohibited and so is the deletion of the programs regis- 
tered in the UiM 12, 

[0273] Mow, with reference to Fig. 31 . the deactivation 
process for the user information storage unit will be ex- 
plained. The following description concerns the case in 
which the contents server 1S requests the deactivation 
process for the user information storage unit. 
[0274] First, the contents server 19 sends a use in- 
formation storage un;t deactivation request to the user 
information storage unit 51 of the distribution manage- 
ment server 16A (step S221) 

[0275] The user information storage unit 51 , upon re- 
ceipt of the user ir'ofmatrcn storage unit deactivation 
request, is prohibited from use (deactivated state), and 
sends a user information storage unit deactivation per- 
mission notice io the contents server is /stop 3222} 
[0276] Then, the user information storage unit 51 
sends to the mobile terminal 11 a user information stor- 
age unit deactivation notice to the effect that the use of 
the user information skvage unit 52 has been oronibited 
(step $223). 

[0277] As a result, the user of the mobile terminal 11 
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can confirm that the use of the user information storage 
unit 51 has been prohibited 

12.3.1 7.1] The case in which the user ■information 
storage unit is deactivated by distribution management 
server 

[0278] in the case where the user infc-msticn storage 
unit is deacsivsic-c; fc> '.r-e distribution management serv- 
er 16A hy i;:;;; 1 . t'.e :ser ink; 'ma ^o- sioiugo unit 5 ' .s 
prohibited from use • * s - * user in 

formation storage urn; deactivation notice so ine mobile 
terminal i 1 indicating that, the use of the user information 
storage unit 51 is prohibited (step S223) 

{2 3.1 8] The case in which the use of the program 
stored in UiM basic Stock is prohibited 

[0273] Now, the process for deactivation of basic 
block for prohibiting the use of a program stored in the 
ossic biocks 40- 1 tc 40-7 or the tree basic block 40-F1 
of the U;M 12 will bs sxpfained with reference to Fig. 32. 
[028Q] This process is carried cut in the case where 
the mobile terminal 11 is stolen or -tv contents r-c v>de 
requests the user to prohibit the use thereof. Once this 
process is carried out, the user is prohibited from using 
the programs stored in the basic blocks (including the 
free basic block) involved The description that follows 
deals with the ease in which the user service server 65 
in charge of user services, taking an appropriate meas- so 
ure such as when the mobile terminal 11 is stolen, re- 
quests the process for deactivating tne basic blocks 
based on the report from the user. 
[0281] Fig. 32 shows a sequence of the deactivation 
process for the basic bfoeks. 35 

First, the user service server 66 sends a basic 
block deactivation request to the user information stor- 
age unit 51 of the distribution management server 16A 
(stepS231). 

[02831 The user information storage unit 51 , upon re- «■ 
ce.pt of the basic stock deactivation request, sends a 
deactivation instruction to the UIW 12 (step S232) 
[0284] As a result, the UiM 12 deactivates the basic 
blocks meeting the basic block deactivation request 
and gives a basic block deactivation response indicating * 
that the use el the basic blocks has been prohibited 
(step S233). 

[0285] Then, the user information storage unit 51 
gives a basic block deactivation end notice to the user 
service server 66 indicating that the use of the basic * 
blocks of the UIM ' £ has been prohibited {step S234), 
[028S] Further, tne user information storage unit 51 
gives a user information storage unit list to the mobile 
terminal 11 indicating that the use of the basic blocks 
(which may include the tree basic block) is prohibited, 5 
thereby ending the process (step- S235). 



[2.4] Effects of second embodiment 

[0287j As described above according to the secono 
embodiment, programs can be distributed beyond the 
limit of the number of the storage areas of the stoiaae 
module (UIM), and the operating convenience on the 
part of the user is improved. 

[02883 Also, the eistribution management server can 
easily manage the activation/deactivation of the pro- 
gram distributed, and the distribution and the activation/ 
deactivation of the program ready for distribution 

\%\ Modifications of embodiments 

(3.1 J First modification 

[02893 Tries foregoing description deals with the case 
in which a single distribution management server is in- 
volved. Nevertheless, a plurality o< distribution manage- 
ment servers car; be provided for distributed processing. 
[0290] in such a case, the programs stored in eacf 
>jM. and the information on the storage area of each 
program can be stored in a common database. 

[3 2j Second modification 

[02313 Apart from the foregoing description, dealing 
with the case in which the distribution management 
server is connected directly to a line switching network, 
the distribution management server can be connected 
to the line switching network through an internetrnaking 
up a packet switching network and an internet gateway. 

[3.3] Third modification 

(02523 Although only the UiW is described above as 
a storage module, the invention is aiso applicable tc var- 
ious !C card memories with equal effect, in this case, 
the storage module can be arranged at a fixed terminal 
i as well as a! a mobile terminal. 



Claims 

1, A program distribution system comprising 

at least a mobile terminal having means for 
transmitting a program distribution request; 
a storage module bull! m or connected to said 
mobile terminal, 

a contents server for receiving said distribution 
request and transmitting a program to be dis- 
tributed; and 

a distribution management server for receiving 
said program from said contents server and 
only in a case where said contents server is an 
authorized contents server, transmitting said 
program received from said contents server to 
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said storages module built in or connected to 
said «Tfic-b:?8 terminal; 

characterized in that said storage module in- 



a storage unit, and 
a control unit (or storing ?r> said storage unit said 
program received from said distribution man- 
agement server through said mobile term rial 
and, in compliance with a request, executing 
said program stored in said storage unit. 

2. A program distribution system as set forth in claim 
1. further comprising an authentication server for 
storing a firs: encryption key unique to said storage 
module, 

characterised in that said control unit of said 
storage module decrypts said program encrypted 
by said first encryption key and only in a case 
where decryption ; s successful, said program ob- 
tained by decryption is stored In said storage unit, 

said converts server; upon receipt of said dis- 
tribution request, acquires said first encryption key 
from said authentication server and, using said firs! 
encryption key. encrypts said program to be distrib- 
uted said contents server further encrypting said 
program using a second encryption Key obtained in 
advance and transmitting it to said distribution man • 
agement server, arid 

said distribution management server decrypts 
said encrypted program received from said con- 
tents server, using said second encryption key gen- 
erates a program encrypted only by said first en- 
cryption key and. only in s case where said decryp- 
tion is success^!, transmits said program obtained 
by said decryption ;e van: storage moduie. 

3. A program distribution system as set forth in claim 
1, characterized in that said storage module 
stores a program and data used by said program. 

4. A program distribution system as set forth in claim 
' characterized in that said distribution manage- 
ment server include, a charge processing unit for 
starting a charge process at a time of distributing 
a? program tc sad storage module. 

5. A program distribution system as set forth in claim 
4. characterised in that said charge processing 
unit charges for rental of said storage module. 

S. A program distribution system as set forth in claim 
1 characterised in that said distribution manage- 
ment server includes a charge processing unit for 
starting said charge crocks at a time of holding a 
program for said storage module. 
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?. A program distribution system as set forth in oiaim 
6. characterized in that said charge processing 
unit charges for rental of said storage moduie 

5 A program distribution system as set forth in claim 
1 , characterised in that said distribution manage- 
ment server transmits an activation instruction to 
said storage, module at the request of another de- 
vice, and 

10 said storage module, upon receipt of said ac- 

tivation instruction, is ready to execute said pro- 
gram stored in said storage module and designated 
by said activation instruction. 

«' 9. A program distribution system as set forth in claim 
1 : characterized in that said distribution manage- 
ment server transmits a deactivation instruction to 
said storage module at a request of anotiier device, 
and 

20 said storage module, upon receipt of said de- 

activation instruction, is ready to execute said pro- 
gram stored in said storage modula and designated 
by said activation instruction. 

25 10. A program distribution system as set forth in claim 
1 , characterized irt that said distribution manage- 
ment server transmits a deletion instruction to said 
storage module at said request of another device, 
and 

30 said storage module, upon receipt of said de- 

letion instruction, deletes the program designated 
by said deletion instruction from said storage mod- 
ule. 

39 ft. A program distribution system as set forth irt claim 
1 , characterized in that said distribution manage- 
ment server includes means for managing a stste 
of said program in said storage module based on 
information sent to said storage module. 

46 

12. A program distribution system as set forth in claim 
t , characterized in that said distribution manage- 
ment server acquires version information for said 
storage module and determines whether said pra- 

*s gram is to be distributed or not. based on said ver- 
sion iriforrnattoh, 

13. A program distribution system as set forth in claim 
1 , characterized in that said mobile terminal <n- 

$0 eludes a first communication unit lor- communica- 
tion utilizing a mobile communication network, end 
a second communication unit different from sa d 
first communication unit, and 

said control unit of said storage module In- 

5» eludes means for communication utilizing said sec- 
ond communication unit in accordance with sad 
program stored in said storage module 
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14. A progranr ci.?.-r : :>^t ci system ceroorsrg 

a mobile terminal having me&ns.for transmitting 
a progw rsssfibttior. -equesi 
a storage module duiU in or connected to said 
mobile terminal: and 

a communication management server for .re- 
ceiving said distribution ? eeriest. a~c in a case 
where a program to be distributed is provided 
bv an "authorised contents server, acquiring 
saw prop/ am and transmitting it to said storage 
buHi in :•>! connected to said mobile ter- 
minal; characterised in that said storage mod- 
ule includes 
a storage unit, and 

a control unit for receiving 'rioma? on through 
said mobile terminal, stoting in sale storage unit 
said inform .-;!lon only in a case wnere said in- 
formation is a program received f-'om said dis- 
tributton management server, and executing 
said program stored in said storage wit, in 
compliance with a request 

15, A program distribution system as set forth m claim 
14. characterized in that said distribution manage- 
ment server includes a real distribution information 
storage unit for storing pointer data for specifying a 
program sent to said storage module 



IS. A program. .distribution system as se» 
15. characterised in that said siorag 
storage modal© includes a plurality o? 
for storing programs, and said real c 
formation storage unit of said distnou 
ment server includes a plurality of 
spending to a plurality of said bssic b 



in claim 
it of said 
ic biocks 
ution in- 
nanage- 
is cc re- 



acquired from said contents server and. upon re- 
ceipt of a request for distribution, to said storage 
module, of a program specified by said pointer d&ia 
stored in selected one of said real distribution inter- 
5 matior 5,i:xsqe „r.il and said virtual storage infor- 
mation storage unit, said program is acquired us-ing 
said program information storage unit and is distrib- 
uted to said storage module. 

a 19. A program dist-ibutior system as set forth in c;am 
17,. characterized in that said mobile terminal in- 
cludes means for transmitting a menu list request, 
and 

said distribution management server, in com- 
i5 piiance with said menu list request accesses said 
ootnter data stored in said real distribution informa- 
tfort storage unit and said : virtual distribution infor- 
mation storage unit for said storage module buii? in 
or connected to said mobile terminal, generates a 
10 Mt of programs specified by said pointer data, and 
transmitting said list to said mobile terminal. 

30. A program distribution sysiem as set forth in cisim 
14, characterized \n that 

sjs said mobile terminal includes a first commu- 

nication unit for communication utilizing a mobile 
communication network, and a second communica- 
tion unit different from saidfirst communication unit 
and 

30 said control unit of said storage module In- 

cludes means for communication utilizing saidsae- 
ond communication unit in accordance with a pro- 
gram stored in said storage module. 

3S 21. A distribution management server characterised 
by comprising: 



17. A program distribution system as set forth in claim 
16. characterized in that said distribution manage- 
ment server includes a virtual distribution informa- 40 
tion storage unit for storing said pointer data for 
specifying a program capable of be : ng distributed 

to saio storage module Put not currently stored In 
said storage module, and upor receipt of request 
of distribution, to said storage module, of a program * 
specified by sales pointer data stored in said virtual 
distribution information storage anil, said program 
is distr ibuted to said storage module and, said point- 
er data for specifying said program is moved from 
said virtual information distribution storage unit to 50 
said real distribution information storage unit. 

18. A program distribution system as set forth in claim 
16. characterised inthatsaiddistpbutiortmanage- 
ment server includes a program information storage s* 
unit for storing selected one of address information 
indicating a location of a program capable of being 
acquired'from said contents server and a program 



means for receiving from a contents server & 
program encrypted by a first encryption key- 
unique to a destination of distribution and a sec- 
ond encryption key unique to said contents 
server permitted to d=f.r tx. o s*ic program; and 
means for decrypting said program received 
from said contents server to a state encrypted 
by said second encryption Key thereby to gen- 
erate a program encrypted by only said first en- 
cryption key, said program being distributed 10 
said storage module built in or connected to a 
mobile terminal 

22. A distribution management server characterised 
by comprising: 

a program information storage unit for storing 
selected one of a program acquired in advance 
from an authorized contents server and ad- 
dress information thereof; 
a real distribution information storage unit for 
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storing pointer :fc --. indicating a slceti position, 
in said program information storage unit, of a 
program kvhicn is said program stored in a stor- 
age module built in or connected 'to a mobile 
terminal, or in a case where address infatmta- 5 
tion of said program is stored in said program 
information storage unit, a selected one .of said 
program and sata adaress information thereof; 
a virtual distribution information storage unit for 
storing pointer data 'indicating said stored posi- ?0 
■ion c- a ( :•>•; ::r: w = ::rr .;i- i-i'otrnaiior 
storage unit, in a case where a program which 
s sain p---::i .:• ens- ■ib'.jtabio to :-:.-J sio-aqo 
module but net currently stored in said storage 
module, or address information thereof is -*s 
stored in said program information storage unit: 
arid 

means for acquiring a program specified by 
said pointer data stored in said virtual distribu- 
tion information storage unit. -,t. v/i-g said pre- 20 
gram information storage unit in accordance 
with a request from said mobile terminal, and 
distributing said program to said storage mod- 
ule, and moving said pointer data to said real 
distribution informal ion storage unit. a? 

23. A contents server comprising 

weans for acquiring an Encryption key unique 
to a storage module from an external authenli- 30 
cation server upon receipt of a program distri- 
bution request from a mobile terminal built in or 
connected to said storage module; 
first encryption means for encrypting a program 
to be distributed, by said first encryption key; 35 
secono encryption moans for encrypting & pro- 
gram obtained by said trst encryption means, 
in such a manner as to be decrypted by the dis- 
tribution management server for distribution to 
said storage mo-Jute a»'d 40 
means for transmitting said program encrypted 
by said firs; and second encryption means to 
said distribution management server 

24. A storage module bunt in or connected to a mobile 45 
terminal comprising 

a storage unit: ana 

a control unit for receiving an encrypted pro- 
gtann from a stoc^o cistribubo-; ma -raceme-: ac- 
server through said mobile terminal decrypting 
said program by a private key stored in ad- 
vance, storing said program in said storage unit 
only in a case where said decrypt succeeds 
aod. in response to a request, executing said 55 
program stored if sa d storage yn - 

26. A storage module as set forth in claim 24 charac- 



terised in that said storage unit includes a plurality 
of storage blocks for executing a program, and a 
storage area -for storing an activation flag indicating 
whether a program stored in each storage block can 
be executed cr net. and 

said con trot Unit writes said activation flag in 
accordance with an instruction received from a dis- 
tribution managemeni ssrvar through said mobile 
terminal, and in a case where an instruction is given 
to execute a program stored in any one of basic 
blocks through said mobile terminal, said control 
unit determines whether said execution instruction 
is to be followed or not based on an activation flag 
::oirespond-ng -o one of said basic blocks. 

2S. A program distribution method characterized by 

comprising: 

a slep of a mobile terminal Iransmittmg a pro- 
gram distribution request to a contents server, 
saici swage- module being built in or connected 
to said mobile terminal; 
a step of said cements server receiving said 
distribution request and transmitting a program 
lo be distributed, lo a distribution management 
server; and 

a step of transmitting said program to said stor- 
age moduie built in or connected to said mebiie 
terminal to which said distribution request is 
transmitted, in acase whore saidcontenisserv-- 
er transmitting said program is an authorized 
contents server, 

27. A program distribution method comprising: 

a step of a mobile terminal transmitting a pro- 
gram distribution request to a contents server 
said storage module being built in or connected 
to said mobile terminal: 
a step of said contenls server receiving said 
distribution request and acquiring a first en- 
cryption key unique to said storage module 
from an authentication server; 
a step of said contents server encrypting a pro- 
gram to be distributed by said first encryption 
key; 

a step of said contents server encrypting s pro- 
gram encrypted by said first encryption key, by 
a second encryption key acquired in advance 
a slep of said contents server transmitting a 
program encrypted by said first encryption key 
and said seco-d e-cryptic-n key. lo a distribu- 
tion management server; 
a step of said distribution management server 
decrypting said program transmitted from said 
contents server, to a stale befo-e said second 
encryption, and generating a program encrypt- 
ed only bysaic first encryoilon key: and 
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,4 ster> of drstrbuttcn 'W'ag^-e-i se-ve- 
transmitting a program encrypted only by said 
firs? 8*ic*73' .or Key. :o storage module buiit 
in or connected to a mobile terminal to which 
saic; distribution request is transmitted. 

28. A program distribution method comprising: 

a step ot a mobile terminal transmitting a pro- 
gram distnb..; -on uKiue?; to a distribution man- 
agemam sova sioraa;: modulo o^ng built 
in or connected to said mobile terminal; 
a step of said distribution management server 
receiving sasd distribution request, and deter- 
mining whether a program to oe distributed is 
a program provided by an authored contents 
sewer or net; and 

acquiring sa^d program and transmitting ii to a 
storage module built in or connected to said 
mobile terminal in a case where said program 
to be distributed is provided by art authorized 
contents server 

29. A program distribution method as set forth in claim 

23 comprising: 

a stsp of said distribution management server 
storing a program or address information there- 
of in storage means in place of said storage 
module; and 30 
a step o! sad Distribution management server, 
upon receipt of a program distribution request 
from said mobile terminal, acquiring a request- 
ed program using said storage means and dis- 
tributing it to said storage module, 36 

30. A program for causing a computer of a distribution 
management server to execute: 

a process tor receiving from said contents serv- *o 
er a program which has been encrypted by a 
first encryption key unique fo a distribution des- 
tination and a second encryption key unique to 
a contents server authorized to distribute a pro- 
gram: and 45 
a process lor decrypting a program received 
tram said contents server and thereby restoring 
said program to a state before the encryption 
by said second encryption Key, thereby gener- 
ating a prog-am encrypted onty by said first en- 50 
eryption Key and distributing said program to a 
storage module built in orcennected to a mobile 
terminal 

31 . A program tor causing a computer of a distribution 55. 
management server to execute' 

a step o f receiving a program distribution re- 



m .c:.ji* bu thetein or connected thereto 
a step of determining whether a program to be 
d stricuted is provided by an authorized con- 
st step o? acc:;..if"ing saic pogram to co ci:smb 
uted and transmitting it to a storage module 
built in or connected to said mobile terminal in 
a case where said program is provided by an 
authorized contents server 

32, A program distribution method as set forth in claim 
30. characterised by comprising; 

a step of storing a program or the address in- 
formation thereof in storage means in place of 
said sto-age module; and 
a :-;:Cv: o! ■-•^quh r-q ;.i requested program using 
sa-c storage moans <;r!!j c-Uiibutirtp, said P"->- 
gram to said storage modulo, upon receipt of & 
program distribution request from said mobile 
terminal 

33. A program tor causing a computer of a contents 
server t< 



a process for acquiring; upon receipt of a pro- 
gram distribution request from a mobile termi- 
nal with a storage moduse buiit therein or con- 
nected thereto, an encryption key uncus to 
said storage module from an externa! authen- 
tication server; 

the fsrst encryption process for encrypting a 
program to be distributed, by said first encryp- 
tion key: 

the second encryption process tot encrypting a 
program obtained by said first encryption proc- 
ess, in such a manner as to be decrypted by a 
ffis-.nbct-cr, management server for distributing 
a program to said storage module: and 
the process for transmitting a program encrypt- 
ed by said first and second encryption process- 
es to said distribution management sewer. 

34. A program for causing the control unit of a storage 
module buiit in or connected to a mobile terminal tc 



a process far receiving an encrypted program 
from a specified distribution management serv- 
er through a mobile terminal: 
a process for decrypting the received program 
by a private key stored in advance, and oniy in 
a case where said decryption is successful, 
storing said program in a storage unit; and 
a process for executing the program stored in 
said storage unit, as required 



51 



EP 1 248 18S A1 



62 



SS. A program to- causing a camp'. :er o f a drst-bufion 
management sewer to execute 

a process for receiving from a contents server 
authorized ;c Distribute a program, a program 
encrypted cy a first encryption key unique to a 
'M-s.- !>-■:■ 5 nci a second erctyoiicn Key cvcce 
to said contents server; and 
a process :'aroeci\<:!ir:qs.^ppcgrair receivec 
from sard contents server and restoring said 
program to a state before said encryption by 
saio si-coa;;' en cry;-! a;r key. merotty noon. Viir 0 
a program encrypted only by said first encryp- 
tion Key and distributing said program to a stor- 
age medute built m or connected to a mobite 
terminal 

36. A program for causing a compuisr of a distribution 
management server to execute 

a stop of receiving a program distribution re- 
quest from a mobile terminal with a storage 
module b-M therein or connected thereto; 
a stop of cctermining whether a program to be 
distributed « provided by an authorized con- 
tents server or not; and 
a step cf acquiring and transmitting a program 
to be distributed, to a storage module buiit in or 
connected to said mobile terminal in the case 
where said program is provided by an author- 
ized contents server. 



distribution management server 'O" a siribur 
a program to said storage module, and 
a process for transmitting to said distribution 
management server said program encrypj.es 
by said first and said second encryption proc- 



. A program for causing said control unit of a s 
module built in or connected to a mobile terminal to 



a process for receiving ran encrypted program 
from a specified distribution management serv- 
er through said mobile terminal; 
a process fot decrypt nq; aid re seived program 
by 3 private key stored, and storing said pro- 

•ran - j t only n wher c 

cectypt'on is successful; and 

1 1 rocess for executing said program stored m 
said storage unit, as required. 



37. A- program distribution method as set forth in claim 
36, characterized by comprising; ' 

m 

a step of coring a program or the address In- 
formation thereof in storage means in place of 
said storage module; and 
acquiring, upon receipt of a program distribu- 
tion requests from said mobile terminal, the re- *o 
quested program utilizing said storage means 
and distributing said program to said storage 
module. 

38. A program for causing a computer of a contents *s 

server to execute; 



a it-roe-ecs fot aooi. n'ig an encryption key 
unrque to a storage module buiit in or connect- 
ed to a netiie terminal from an external authen- 
tication server, upon receipt of a program dis- 
tribution recuesi from said mobile terminal: 
a first encryption process fc encysting a pro- 
gram tc be distributed, by said first encryption 
key: 

a second encryption key for encrypt -g said 
program obtain ea by sa.a fast encryption croc- 
ess, in such a manner as to be decrypted by a 
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